-Caveat Lector- forwarded.... Dave Hartley http://www.Asheville-Computer.com http://www.ioa.com/~davehart -----Original Message----- From: Keith Hood [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 24, 1999 5:04 PM To: [EMAIL PROTECTED] Subject: [evoco_discussion] It's CESA or us -- one has to go Long-winded rant ahead. Do not read if you care nothing about privacy, freedom, liberty, or the Constitution... This is something we need to get hot about. The Cyberspace Electronic Security Act is a fraud and an assault upon personal freedom. I've read a lot about this bill, including the text of it, and it is an atrocity. Once again the government is trying to do an end run around the Constitution by coming out with a law that could be abused endlessly. A lot of people have expressed outrage over this bill because they think it's designed to allow the Feds to break into their houses to bug their PCs. Others have made comments like "So what if they break in and install spy software on my PC--after they've gone I'll reinstall everything and wipe their stuff." That isn't the problem--under this bill the Feds wouldn't bother to break into your house or office because they wouldn't need to. This bill would give the government the legal authority to intercept and decrypt your e-mail at your ISP, where you can't do anything about it and you wouldn't even know. In fact, it would turn ISPs into defacto arms of the DOJ and the CIA by forcing them to cooperate or face Federal charges. Below is a quote from section 2713 paragraph C of the bill. >> Assistance.-Upon the request of the applicant, a warrant issued under subsection (a) of this section shall direct that a provider of wire or electronic communication service, landlord, custodian or other person shall furnish the governmental entity forthwith all information, facilities; and technical assistance necessary to accomplish the successful execution of the warrant unobtrusively and with a minimum of interference with the services accorded to the persons affected by the search or installation of a recovery device. >> Take special note of that first sentence: "provider of wire or electronic communication service." That means your ISP, folks. This provision means that if a bugging agency obtains a warrant to monitor your communications, the people who run your email server would be required by Federal law to help them set up monitoring of your electronic communications. And your service providers would have to do a good job of it to make sure you think nothing has happened. Look at the phrase "unobtrusively and with a minimum of interference." Who defines "unobtrusive" or "minimum interference?" It sure won't be your or your ISP. And is that judged from the viewpoint of good business, or from the criteria of giving away the government's operation? Take a guess. Think how this provision could be so easily abused. Under this provision, when your email providers help set up monitoring of your account, if they do anything that tells you or even gives you a suspicion that your communications are being monitored, they could be hauled into court for failing to comply with this provision. Oh sure they may win, or the charges may be dismissed, but the cost of defending themselves could be ruinous. Faced with the choice of cooperating or having to go to court on Federal charges, how many ISPs would refuse? And if the buggers did want to take the old-fashioned crude route and get into your physical premises to hack your PC from its keyboard, anyone they ask for help in breaking or otherwise carrying out their mission would have to assist them or face Federal charges. So this provision would make a Federal-level criminal out of anyone who is unwilling for any reason to help bug another person's PC. One of provisions in the bill would allow the use of sealed warrants in getting permission to recover data. That means the agency that gets the warrant to intercept and decrypt your messages does not have to show it to you. Sealed warrants are legal in certain limited circumstances, such as organized crime investigations. But in this new bill, there are no limits placed on the circumstances in which sealed warrants could be used. Under this bill, all PC monitoring warrants could be sealed, no matter what the nature of severity of the case under investigation. The government is trying to pull another Steve Jackson case on us. There is a provision that says notification of the issue of a warrant may be postponed for up to 30 days, by any court of competent jurisdiction, upon the government showing good reason for the postponement. That same section of the bill contains a further stipulation that upon additional showing of good reason, notification may be further postponed. There are no limits on the lengths of further postponements. There are no guidelines or standards for what constitutes 'good reason' in this case. That means that just about any court can postpone warrant notification indefinitely on any grounds it feels like accepting. To you, that means the government can spend as long as it likes slurping data from your communications, and doesn't have to notify you until they feel like it. It gets worse. Below is anther quote: >> "� 2712. Requirements for governmental access to, use of, and disclosure of stored recovery information "(a) Compelled disclosure and use of stored recovery information in the possession of recovery agents.-A governmental entity may require a recovery agent to disclose stored recovery information to the governmental entity, or to use stored recovery information to decrypt data or communications- "(1) pursuant to a warrant issued pursuant to the Federal Rules of Criminal Procedure or an equivalent State warrant, or an order issued under section 2518 of this title; "(2) pursuant to any process under federal or State law to compel disclosure that is permitted by section 2711 (b)(1)(A)(i); "(3) pursuant to a court order issued under subsection (b); or "(4) when an investigative or law enforcement officer, specially designated by the Attorney General, the Deputy Attorney General, the Associate Attorney General, any Assistant Attorney General, any acting Assistant Attorney General, or any Deputy Assistant Attorney General, or by the principal prosecuting attorney of any State or subdivision thereof acting pursuant to a statute of that State, reasonably determines that-" "(A) an emergency situation exists that involves- "(i) immediate danger of death or serious physical injury to any person, "(ii) conspiratorial activities threatening the national security interest, or "(iii) conspiratorial activities characteristic of organized crime or terrorism, requiring that recovery information be obtained or used before an order authorizing the same can, with due diligence, be obtained; and "(B) there are grounds upon which an order could be entered under this section to authorize such disclosure by a recovery agent of stored recovery information, or the decryption of data or communications by a recovery agent using stored recovery information; >> The bill refers to 'recovery agents,' which are defined as entities that store data encryption keys for others. It is full of provisions for reimbursing recovery agents for decrypting data and providing it to the government. And it says in so many words that recovery agents may be required not just surrender your data encryption keys, but to do the donkey work of decrypting. Under section 2712 (a), the government would have the authority to require ISPs to decrypt your communications for them, and then they would be paid for that at some time in the future (and we all know that getting reimbursement from the Feds is quick and painless, right?). So here's another threat to ISPs--costing them money in carrying out these operations for the Feds. Now go back and reread that second quote, where it gives specs for cases in which the government could require recovery agents to surrender data. Notice that nowhere does it mention child pornography, which supposedly is one of the prime reasons for the necessity of this bill, as stated in the bill's preamble. Notice also that there are sections which can be legally interpreted in a myriad of ways, giving the government maximum flexibility in deciding what is serious enough to require decrypting private communications. Also note subsection (a)(1): this means this bill would give the Federal government the authority to grab access to your confidential communications any time there is a STATE warrant issued. This bill not only attempts to turn your ISP into a DOJ office, it tramples all over the idea of separation of state and federal powers. Read section 2712 (a) very carefully. The provisions in it apply to both federal and state offices and personnel. Under this law, government agencies at both state and Federal level could have practically unlimited access to your encrypted data. In fact, look at section 2712 (a)(4)(B): it says how an *individual* appointed by an attorney general or state principle attorney can force disclosure if he determines there are some grounds valid under this act. So if this bill becomes lay, a single individual at either state or federal level could force your ISP to decode your transmissions on just about grounds he likes. And we all know that all our investigative and law enforcement personnel in all agencies at all levels are perfectly incorruptible, right? The government is our friend, right? Let's extrapolate a little here: How would it work? An ISP could be presented with the warrant and be required to decrypt your transmissions for the DOJ. If they seem reluctant they could be threatened with charges as I showed is possible under the section quoted first in this message. And then if the ISP isn't eager enough to help, they still would have to do the data decryption for the government anyway, and the reimbursement for their time and trouble in doing it could be endlessly held up in government paperwork. So the Feds would have two weapons they could use to break uncooperative service providers--obstruction charges and lay payments. And as if that isn't enough, read this quote from the last paragraph of section 2712 (a): >> A federal governmental entity may require a recovery agent to disclose stored recovery information to it or another federal governmental entity, or to use stored recovery information to decrypt data or communications, under paragraphs (1), (2), (3), or (4) for the benefit of a foreign government, pursuant to a request of a foreign government under applicable legislation, treaties, or other international agreements. >> "Federal government entity"? It doesn't even specify the DOJ. It says "A federal government entity." The bill places no limits on which government entities are covered under this section. Under this provision as written, ANY Federal office would have the legal authority to force your ISP to decrypt your communications, as long as some foreign government requested it. As written, this provision would give the Bureau of Land Management the authority to force your ISP to decrypt your e-mail if the Sultan of Brunei asked to see it. The implications of this provision, for both personal freedom and legitimate business, are staggering. Under this bill, your right to privacy in your perfectly legal electronic communications could be revoked by any Federal office, and your ISP forced to decode your messages, at the request of governments which not only do not support American notions about the right to free speech and privacy, but are actively hostile to such ideas. And your tax dollars would pay for it. Here is the URL for the text of the bill. Read it. http://www.cdt.org/crypto/CESA/ This has pushed my button. I am sick and tired and weary unto death of people in Congress thinking they can justify any assault upon personal freedom and privacy by waving the child pornography flag. If the government wants to hire more code crackers and buy more computers so they can more easily decipher drug dealers' e-mail, that's one thing. This is something entirely different. This bill has nothing to do with any kind of pornography and everything to do with control of the Internet. It must be stopped. Anyone who supports it must be voted out of office. Write your congressman, your newspapers, the ACLU, whoever you can think of, to raise a stink about this abomination. Write often. Make your comments loud and nasty. Do whatever you legally can to defeat this bill and oust the would-be Big Brothers who wrote it. Either that, or resign yourself to knowing that from now on, anything you type on your PC keyboard may be taken down and used as evidence against you. Keith Hood _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com ------------------------------------------------------------------------ eGroups.com home: http://www.egroups.com/group/evoco_hei_discussion http://www.egroups.com - Simplifying group communications DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance�not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
