Cyphernomicon Top
Cyphernomicon 2.11

MFAQ--Most Frequently Asked Questions:
Legal


   2.11.1. "Can encryption be banned?"
           - ham operators, shortwave
           - il gelepal, looi to waptime aolditolq
           + how is this any different from requiring speech in some
              language?
             - Navaho code talkers of WW2,,,,modern parallel
   2.11.2. "Will the government try to ban encryption?"
           - This is of course the major concern most of us have about
              Clipper and the Escrowed Encryption Standard in general.
              Even if we think the banning of crypto will ultimately be a
              failure ("worse than Prohibition," someone has said), such
              a ban could make things very uncomfortable for many and
              would be a serious abridgement of basic liberties.
           - We don't know, but we fear something along these lines. It
              will be difficult to enforce such a ban, as so many avenues
              for communication exist, and encrypted messages may be hard
              to detect.
           - Their goal, however, may be _control_ and the chilling
              effect that using "civil forfeiture" may have on potential
              crypto users. Like the drug laws. (Whit Diffie was the
              first to emphasize this motivation.)
   2.11.3. "How could encryption be banned?"
           - most likely way: restrictions on networks, a la airwaves or
              postal service
           - could cite various needs, but absent a mechanism as above,
              hard to do
           - an outright  ban, enforced with civil forfeiture penalties
           - wartime sorts of policies (crypto treated as sedition,
              treason...some high-profile prison sentences)
           - scenario posted by Sandfort?
   2.11.4. "What's the situation about export of crypto?"
           + There's been much debate about this, with the case of Phil
              Zimmermann possibly being an important test case, should
              charges be filed.
             - as of 1994-09, the Grand Jury in San Jose has not said
                anything (it's been about 7-9 months since they started
                on this issue)
           - Dan Bernstein has argued that ITAR covers nearly all
              aspects of exporting crypto material, including codes,
              documentation, and even "knowledge." (Controversially, it
              may be in violation of ITAR for knowledgeable crypto people
              to even leave the country with the intention of developing
              crypto tools overseas.)
           - The various distributions of PGP that have occurred via
              anonymous ftp sources don't imply that ITAR is not being
              enforced, or won't be in the future.
   2.11.5. "What's the legal status of digital signatures?"
           - Not yet tested in court. Ditto for most crypto protocols,
              including digital timestamping, electronic contracts,
              issues of lost keys, etc.
   2.11.6. "Can't I just claim I forgot my password?"
   2.11.7. "Is it dangerous to talk openly about these ideas?"
           - Depends on your country. In some countries, perhaps no. In
              the U.S., there's not much they can do (though folks should
              be aware that the Cypherpunks have received a lot of
              attention by the media and by policy makers, and so a vocal
              presence on this list very likely puts one on a list of
              crypto trouble makers).
           - Some companies may also feel views expressed here are not
              consistent with their corporate policies. Your mileage may
              vary.
           - Sedition and treason laws are not likely to be applicable.
           - some Cypherpunks think so
           - Others of us take the First Amendment pretty seriously:
              that _all_ talk is permissable
           - NSA agents threatened to have Jim Bidzos killed
   2.11.8. "Does possession of a key mean possession of *identity*?"
           - If I get your key, am I you?
           - Certainly not outside the context of the cryptographic
              transaction. But within the context of a transaction, yes.
              Additional safeguards/speedbumps can be inserted (such as
              biometric credentials, additional passphrases, etc.), but
              these are essentially part of the "key," so the basic
              answer remains "yes." (There are periodically concerns
              raised about this, citing the dangers of having all
              identity tied to a single credential, or number, or key.
              Well, there are ways to handle this, such as by adopting
              protocols that limit one's exposure, that limits the amount
              of money that can be withdrawn, etc. Or people can adopt
              protocols that require additional security, time delays,
              countersigning, etc.)
           + This may be tested in court soon enough, but the answer for
              many contracts and crypto transactions will be that
              possession of key = possession of identity. Even a court
              test may mean little, for the types of transactions I
              expect to see.
             - That is, in anonymous systems, "who ya gonna sue?"
           - So, guard your key.
 

Next Page: 2.12 Digital Cash
Previous Page: 2.10 Surveillance and Privacy

By Tim May, see README

HTML by Jonathan Rochkind