Re: Run a remailer, go to jail?
On Fri, Mar 28, 2003 at 01:10:56PM -0500, Perry E. Metzger wrote: http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. -- Perry E. Metzger [EMAIL PROTECTED] For those on this list in the Boston area there is a hearing scheduled on the Mass Bill at 10 Am in Room 222 of the Mass State House in Boston. It was introduced in Mass by a Rep Stephen Tobin of Boston and listed on the state website as legislation to establish a crime of illegal internet and broadband access -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493 PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
In article [EMAIL PROTECTED], dave [EMAIL PROTECTED] wrote: Will FedEx now require an ID before sending packages? At least in Washington, DC, Fedex already requires an ID before sending packages. -- Shields. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
So there are no FedEx drop boxes in D.C.?? no pickups at hotels etc?? It is not possible to use the drop boxes anonymously, because you must give an account number or credit card number as payment. -- Shields. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
Derek, etal If you (or anyone) goes, I'm sure we'd all appreciate some notes on what transpired. I understand 17 different bills are being considered at this hearing, so don't blink or you may miss it. Peter Trei -- From: Derek Atkins[SMTP:[EMAIL PROTECTED] Dave Emery [EMAIL PROTECTED] writes: For those on this list in the Boston area there is a hearing scheduled on the Mass Bill at 10 Am in Room 222 of the Mass State House in Boston. 10am on what date? -derek -- Derek Atkins Computer and Internet Security Consultant [EMAIL PROTECTED] www.ihtfp.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
Peter, I'll see if I can get there. I'm not sure I can. But I know a number of other MIT-types who are considering going. If I can go I'll try to keep notes. If I can't go, then hopefully someone else can take some notes. -derek Trei, Peter [EMAIL PROTECTED] writes: Derek, etal If you (or anyone) goes, I'm sure we'd all appreciate some notes on what transpired. I understand 17 different bills are being considered at this hearing, so don't blink or you may miss it. Peter Trei -- Derek Atkins Computer and Internet Security Consultant [EMAIL PROTECTED] www.ihtfp.com - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
At 4:35 PM -0500 on 4/1/03, Trei, Peter wrote: If you (or anyone) goes, I'm sure we'd all appreciate some notes on what transpired. I understand 17 different bills are being considered at this hearing, so don't blink or you may miss it. Cool. What a great day that would be. I could see swinging by the phew! State House /phew! watching the gavel come down after a classic Billy Bulger Hack-Bill-Title-Recitation-And-Approval that would make the old FedEx commercial guys blush (amazing breath control they teach at Suffolk University Law School...), going to Hahvid Squayah for burgers at Bartleys, and then attending the Million Pound March to support the war (Fat Middle-Aged White Guys taunting Scrawny Pimple-Faced Liberals, gotta love it..) at 1:30. Hell, if I could tear myself away from the net, I may even do it... In the meantime, expect the Hacks in the House to pass their up-coming pay-raise when the Battle of Baghdad starts in earnest... Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
At 06:06 PM 03/28/2003 -0500, Steven M. Bellovin wrote: What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots. It looked to me like it was the cable TV industry trying to ban possession or sale of illegal cable descramblers as well as connection-sharing things like NAT, but it was a bit hard to tell how much of the language was new as opposed to older, so this may have been extending existing cable descrambler laws to also cover 802.11 or Napsterizing your Tivo. I don't think that banning remailers or crypto was the intent, but the cable industry has never been above using nuclear weaponry to discourage cable service theft, regardless of collateral damage. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
It would also outlaw pre-paid cell phones, that are anonymous if you pay in cash and can be untraceable after a call. Not to mention proxy servers. On the upside, it would ban spam ;-) Cheers, Ed Gerck Perry E. Metzger wrote: http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
Sidney Markowitz writes: They both require that the use of such technologies be for the purpose of committing a crime. The Massachusetts law defines as a crime: (b) Offense defined.--Any person commits an offense if he knowingly (1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device: [ ... ] or; (ii) to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication; [...] (5) Assist others in committing any of the acts prohibited by this section. To heck with remailers, anonymizing proxies, etal. As I read this, the USPO is liable if it accepts a letter without a correct return address. Peter Trei - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
I've just read Declan's politech article sent out this morning, referencing his full report at: http://news.com.com/2100-1028-994667.html I was shocked to see that Michigan has *already* passed such a law! I've found the new law(s), and they basically outlaw my living in Michigan starting March 31st: http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-219a-amendedversion=txt http://www.michiganlegislature.org/printDocument.asp?objName=mcl-750-540c-amendedversion=txt This was passed in a lame duck session (December 11, 2002) as part of a big omnibus crime act that covered everything from adulteration of butter and cream, to trick or acrobatic flying to false weights and measures, mostly increasing fines and/or jail for existing offenses. Michigan is a leader in overcrowding its prisons. There was other lame duck legislation passed, before a new Governor took office, almost all of it bad for civil liberties! The Bill analysis basically quotes the MPAA website! http://michiganlegislature.org/documents/2001-2002/billanalysis/house/htm/2001-HLA-6079-b.htm Steven M. Bellovin wrote: The question is more complicated than that. The full text of the Texas bill is at http://www.capitol.state.tx.us/data/docmodel/78r/billtext/pdf/HB02121I.PDF (I haven't found the Mass. version). It is far from clear to me that intent to commit a crime is needed. Section 2 of the billl, which does contain the phrase with the intent to harm or defraud a communication service, bars theft of service. (I'm speaking loosely here; read it for yourself.) Section 3 and 4 also contain that phrase; they bar possession of devices for defrauding providers. (The language is rather broad, and seems to bar possession even a computer or modem if you have evil intent.) Michigan's version was done by modifying existing statute concerning cable or satellite television service providers, and drastically broadening it to TELECOMMUNICATIONS. Michigan 750.219a outlaws avoiding a communication charge. Period. No defraud. avoid or attempt to avoid ... by using any of the following: (a) A telecommunications access device. (b) An unlawful telecommunications access device. (c)... Configuring your ISDN to be a voice device, and then sending data over the device, would be a violation (SBC/Ameritech charges more for data than voice). Most folks around here are willing to settle for 56Kbps + 56Kbps (fixed fee) instead of 64Kbps + 64Kbps (per minute). Configuring a wire pair purchased as a burglar alarm circuit (lower fee) and then using it as DSL (avoid high fee) would be a violation. I run an ISP using this technique. Note that the equipment can equally be a device, *OR* an unlawful device. This was a major change from previous law, which required that the device be (a) stolen or (b) counterfeit. Note that an unlawful device would be, among many things listed, a wireless scanning device. Also, reprogramming or modifying anything. The ban on concealing origin or destination is in Sections 5 and 6. That section does *not* have the intent to harm phrase. Given that the bill is amending three consecutive sections of the state penal code (31.12, 31.13, and 31.14), and given that the first two sections have that language but the third doesn't, it's hard for me to see that evil intent is required by the proposed statute. But it's worse than that: the bill bars concealment of existence or place of origin or destination of any communication from any lawful authority. In other words, it would appear to outlaw many forms of cryptography or steganography. In Michigan, 750.540c(1): (b) Conceal the existence or place of origin or destination of any telecommunications service. Subsection (2) is against programmers. Subsection (3) is against documentation writers. Subsection (4) is A person who violates subsection (1), (2), or (3) is guilty of a felony punishable by imprisonment for not more than 4 years or a fine of not more than $2,000.00, or both. ... Each unlawful telecommunications access device or telecommunications access device is considered a separate violation. Writing documentation used by many persons who write programs for many more persons could land me in gaol for a very long time. What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots. Michigan included both. Also, using any device without the express authority of the telecommunications service provider, which pretty clearly covers NAT. (Some cable companies try to charge per machine, and record the machine address of the devices connected.) Also, reprogramming a device (and software and computer chips are explicitly included) that is capable of facilitating the interception, transmission, retransmission, decryption, acquisition, or
Re: Run a remailer, go to jail?
On Sun, 2003-03-30 at 17:33, Jurgen Botz wrote: [Moderator's note: is using a NAT box intent to defraud a cable modem provider? --Perry] The cable modem provider and the DSL provider at their consumer service level in my area both have explicit clauses in their AUP prohibiting sharing of the connection by multiple machines (I've seen various wordings, some explicitly mentioning NAT, others explicitly mentioning 802.11). I seem to remember Verizon running DSL TV ads a while back for an equipment and installation deal that included a low-end NAT router. At least in my area (Pittsburgh), they really don't seem to care how many machines I have behind the router in my house. Indeed, when Verizon DSL switched me from a static IP to a PPPoE connection last week (without telling me; gee thanks), and I called their tech support line to find out why my connection was down, the first question the tech asked was whether I was using a router. I said yes, and he gave me the PPPoE info I needed to configure my router while he waited on the line. The only concern he seemed to have about the router was pure personal curiosity as to what model it was. -- Ben - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication. I agree with Peter. Now what are they going to with all that Postal mail without return addresses? Who is liable if you receive it? The Post Office? Will FedEx now require an ID before sending packages? Little electronic ATM like card readers for your ID card at the drop boxes and US mail boxes? If you send it electronically through your ISP and they let it get by, are they now liable if the receiver of the e-mail reports it. They did assist another to conceal. Did they not? If you live in Mass but your ISP is in NY does the law apply? I am thinking if this is one of those laws passes because of ignorant voters and politicians. It will: A) Make a lot of attorneys rich. B) Get torn apart by case law, after making said attorneys rich. But that is just my opinion :) Dave _ Dave Kleiman [EMAIL PROTECTED] www.netmedic.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Trei, Peter Sent: Friday, March 28, 2003 23:55 To: 'Sidney Markowitz '; '[EMAIL PROTECTED] ' Subject: RE: Run a remailer, go to jail? Sidney Markowitz writes: They both require that the use of such technologies be for the purpose of committing a crime. The Massachusetts law defines as a crime: (b) Offense defined.--Any person commits an offense if he knowingly (1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device: [ ... ] or; (ii) to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication; [...] (5) Assist others in committing any of the acts prohibited by this section. To heck with remailers, anonymizing proxies, etal. As I read this, the USPO is liable if it accepts a letter without a correct return address. Peter Trei - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
On Fri, Mar 28, 2003 at 01:10:56PM -0500, Perry E. Metzger wrote: http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. -- Perry E. Metzger [EMAIL PROTECTED] I find another thread of concern to some of us who are hams and radio and satellite TVRO hobbyists. Quoting from the Mass version of the bill... (b) Offense defined.--Any person commits an offense if he knowingly: (1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device: (i) for the commission of a theft of a communication service or to receive, intercept, disrupt, transmit, re-transmits, decrypt, acquire or facilitate the receipt, interception, disruption, transmission, re-transmission, decryption or acquisition of any communication service without the express consent or express authorization of the communication service provider; or (2) Communication service. Any service lawfully provided for a charge or compensation to facilitate the lawful origination, transmission, emission or reception of signs, signals, data, writings, images and sounds or intelligence of any nature by telephone, including cellular or other wireless telephones, wire, wireless, radio, electromagnetic, photoelectronic or photo- optical systems, networks or facilities; and any service lawfully provided by any radio, telephone, fiber optic, photo-optical, electromagnetic, photoelectric, cable television, satellite, microwave, data transmission, wireless or Internet-based distribution system, network or facility, including, but not limited to, any and all electronic, data, video, audio, Internet access, telephonic, microwave and radio communications, transmissions, signals and services, and any such communications, transmissions, signals and services ^^ lawfully provided directly or indirectly by or through any of the aforementioned systems, networks or facilities. --- end of quote Whilst I am no lawyer, this would seem to possibly render illegal radio and satellite TV receivers that could be used or are used to lawfully receive those radio communications the public is explicitly permitted to listen to under the ECPA (18 USC 2510 and 2511) if the originator of the communication does not provide explicit permission to listen and the transmission involves use of facilities for which a fee is paid (such as space on a leased tower). Included in this category are unencrypted public safety communications such as police and fire calls, aircraft, ships, trains and the like all of which can be picked up on the ubiquitous police scanners (and more sophisticated radios that some of us own as well). And obtaining explicit permission from all the parties involved in such communications is not always easy, nor in many cases do local agencies want to grant it. And also much more likely to be included under the rubric of at at least this very broad Mass language are unencrypted non-scrambled back hauls, news feeds, and free to air MPFG and analog services available from TVRO satellite dishes. These are pretty clearly communications services and watching them in the privacy of one's home for private non-commercial purposes has been legal under the provisions of the late 80s Satellite Viewers Rights Act (provided they weren't scrambled). Of course compared to the larger issues raised by the DMCA language and the apparent prohibition of NAT and anonymous mailers this may seem minor... But it is worrisome to some of us working on software defined radio code in Mass... which might or could be used in ways that might be found illegal under this bill. -- Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass 02493 PGP fingerprint 1024D/8074C7AB 094B E58B 4F74 00C2 D8A6 B987 FB7D F8BA 8074 C7AB - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
At 6:09 PM -0800 3/31/03, dave wrote: to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication. However, this provision shouldn't interfere with NAT on a home network. All the machines are at the same address, the origin of the communication. (The actual source of email communication is the keyboard processor, not the computer with the IP address and email client.) OTOH, the sections dealing with theft of service may apply. Moral is to get your service from a provider that allows NAT. Cheers - Bill - Bill Frantz | Due process for all| Periwinkle -- Consulting (408)356-8506 | used to be the | 16345 Englewood Ave. [EMAIL PROTECTED] | American way. | Los Gatos, CA 95032, USA - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. Let's not be hasty. On the upside, it would outlaw NAT! - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Run a remailer, go to jail?
While taking a look at the proposed Texas law, it appears that it only applies if you are trying to actually cause harm: QUOTE: SECTION 2. Sections 31.12(a), (b), and (e), Penal Code, are amended to read as follows: (a) A person commits an offense if, with the intent to harm or defraud a communication service It doesn't look as bad as it was made out to be, but it all depends on how they determine intent. [Moderator's note: is using a NAT box intent to defraud a cable modem provider? --Perry] Mike - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
No way. The phrase flatly ban is overstating the words in the actual bills. They both require that the use of such technologies be for the purpose of committing a crime. Law enforcement would still have to show intent, which is as it should be. If take the point of view in the essay to its logical conclusion then mailing lists and in some configurations the use of PGP, S/MIME, or VPNs would be illegal also. Maybe states are colluding to outlaw encryption? Now that would be creative on the part of whoever started this bill process. Jim On Fri, 28 Mar 2003, Perry E. Metzger wrote: Date: Fri, 28 Mar 2003 13:10:56 -0500 From: Perry E. Metzger [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Run a remailer, go to jail? http://www.freedom-to-tinker.com/archives/000336.html Quoting: Here is one example of the far-reaching harmful effects of these bills. Both bills would flatly ban the possession, sale, or use of technologies that conceal from a communication service provider ... the existence or place of origin or destination of any communication. -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
out of business by outlawing NAT. I'll drink to that (and the the universal deployment of IPv6)! /ji - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
They both require that the use of such technologies be for the purpose of committing a crime. The Massachusetts law defines as a crime: (b) Offense defined.--Any person commits an offense if he knowingly (1) possesses, uses, manufactures, develops, assembles, distributes, transfers, imports into this state, licenses, leases, sells or offers, promotes or advertises for sale, use or distribution any communication device: [ ... ] or; (ii) to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication; [...] (5) Assist others in committing any of the acts prohibited by this section. And it also says under civil actions: (1) Any person aggrieved by a violation of this section may bring a civil action in any court of competent jurisdiction. Any person aggrieved shall include any communication service provider -- This does seem broad enough to be used in situations other than outright fraud against an ISP or communications company. There is language about intent to defraud in Section 1 but the language in Section 2 (b)(1) about possession, use, manufacture, etc., would seem to have the same kind of broadness we have seen misused in the DMCA, covering people who sell NAT and encryption tools that might be used by someone who sends email while attempting to defraud a communications service provider. -- sidney markowitz [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Run a remailer, go to jail?
In message [EMAIL PROTECTED], James M Galvin writes: No way. The phrase flatly ban is overstating the words in the actual bills. They both require that the use of such technologies be for the purpose of committing a crime. Law enforcement would still have to show intent, which is as it should be. ... Maybe states are colluding to outlaw encryption? Now that would be creative on the part of whoever started this bill process. The question is more complicated than that. The full text of the Texas bill is at http://www.capitol.state.tx.us/data/docmodel/78r/billtext/pdf/HB02121I.PDF (I haven't found the Mass. version). It is far from clear to me that intent to commit a crime is needed. Section 2 of the billl, which does contain the phrase with the intent to harm or defraud a communication service, bars theft of service. (I'm speaking loosely here; read it for yourself.) Section 3 and 4 also contain that phrase; they bar possession of devices for defrauding providers. (The language is rather broad, and seems to bar possession even a computer or modem if you have evil intent.) The ban on concealing origin or destination is in Sections 5 and 6. That section does *not* have the intent to harm phrase. Given that the bill is amending three consecutive sections of the state penal code (31.12, 31.13, and 31.14), and given that the first two sections have that language but the third doesn't, it's hard for me to see that evil intent is required by the proposed statute. But it's worse than that: the bill bars concealment of existence or place of origin or destination of any communication from any lawful authority. In other words, it would appear to outlaw many forms of cryptography or steganography. What's unclear to me is who is behind this. Felten thinks it's content providers trying for state-level DMCA; I think it's broadband ISPs who are afraid of 802.11 hotspots. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book) - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]