[hcs-d] Government wiretapping

Joshua Kroll kroll at cs.princeton.edu
Tue Sep 28 15:24:57 EDT 2010

On Tue, Sep 28, 2010 at 3:06 PM, Joe Zimmerman <joe at hcs.harvard.edu> wrote:
>> OK, you are correct, I see in the article that "it is not clear how [the
>> policy] could compel compliance... from a 'freeware' application developed
>> by volunteers."  Well, that's a huge hole in this proposal isn't it.  Aren't
>> there freeware implementations of most cryptographic and communication
>> protocols by now?  That would seem to be all you need to work around this.
>>  So, as long as I send GPG mail/encrypted VoIP straight to your server, and
>> you send GPG mail/encrypted VoIP straight to mine with no intermediate
>> service providers except the ISPs, and we both used free software,
>> everything still seems to be legally private.

Ted, I think you're still focusing on the software. The point is that
if you offered a service to help people meet each other and route
GPG-encrypted messages, you would either have to hold private keys in
escrow (or be able to obtain them), keep plaintext messages (when
you're asked to do so), or pay a fine.

> It really depends on how they try to enforce it, but I agree the prognosis
> is not totally hopeless even if it gets passed. I'd really rather not have
> to resort to exceptions in case law, though, as we do for the DMCA and
> pretty much any other tech legislation.

I'm going to go ahead and say that I find the DMCA to be
non-ridiculous. It has a lot of problems (like all of the digital lock
provisions, circumvention, trafficking, etc.). But the general idea
that the disputes between the user of material and a claimant on the
copyright of that material should (a) be privately ordered before
they're taken to the courts (b) follow a procedure which, though not
without flaws, at least does a good job of protecting both sides and
(c) protect the liability of intermediaries like ISPs and
Facebooks/Googles/YouTubes when they're doing nifty stuff with the
Internets. But as best I can tell, all the farcical legal wrangling
seems to revolve around misuse of poorly-conceived, poorly-written
circumvention-related stuff. At least the notice-and-takedown stuff is
usually pretty clear cut, even when people abuse it.

That of course is a discussion for another thread.

> Also, a puzzling (non-)development:
> http://bits.blogs.nytimes.com/2010/09/28/internet-wiretapping-proposal-met-with-silence/?partner=rss&emc=rss
> Thoughts? (I suppose the Times could just be exaggerating; I know I would
> find it difficult to put together a coherent reply in this little time. But
> then, I'm not a Google.)

I, too, was puzzled by this. But you have to remember that the
"proposal" is a rumor (Washington speak for "the reporter has seen it,
the companies and Congress haven't"). So it's not clear why they'd
risk a comment just yet. If any actual draft legislation or even just
a written proposal or request for comments were to appear, at that
point it would be likely that companies would respond. They don't gain
much from stating a position on non-definite ideas, unfortunately.

More information about the hcs-discuss mailing list