Amerikanisches Gesetz ueber Verschluesselungsprogramme in Vorbereitung Mailingliste: provider-at@netwing.at Beitrag von : Thomas Lehner > > >Forwarded-by: "Andrew D. Isaacson" >Forwarded-by: spaf@cs.purdue.edu (Gene Spafford) > >The last week has produced some incredible events in the U.S. House of >Representatives as regards cryptography. > >Enclosed is a story about one such event that may soon result in U.S. >law. If you do business in the U.S. or live in the U.S. and expect to >use computer systems and networks, this issue should be of major >concern to you. Most mainstream media seems to be avoiding this issue, >perhaps because it is difficult to present to the lay reader. Thus, >you may not have heard about this. We think you should. The >implications are huge for our security and privacy, and for the ability >to conduct unhindered research and education on information security >issues in the U.S. > >I will not editorialize on this issue here. However, I urge you to seek out >information on what is happening and convey your opinions, whatever they may >be, to your elected representatives (if you are in the US). You should act >soon, as there may be little time before a final bill is crafted to go to the >floor of the House. > > >---------- Forwarded message ---------- >Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT) >From: Declan McCullagh >To: fight-censorship-announce@vorlon.mit.edu >Subject: House panel votes behind closed doors to build in Big Brother > >Software that protects your privacy is a controlled substance that may no >longer be sold, a Congressional committee decided today. > >Meeting behind closed doors this morning, the House Intelligence committee >voted to replace a generally pro-encryption bill with an entirely >rewritten draft that builds in Big Brother into all future encryption >products. (The Senate appears to be moving in a similar direction.) > >The new SAFE bill -- titled in a wonderfully Orwellian manner the >"Security and Freedom through Encryption" act even though it provides >neither -- includes these provisions: > >SELLING CRYPTO: Selling unapproved encryption products (that do not >include "immediate access to plaintext") becomes a federal crime, >immediately after this bill becomes law. Five years in jail plus >fines. Distributing, importing, or manufacturing such products >after January 31, 2000 is another crime. > >NETWORK PROVIDERS: Anyone offering scrambled "network service" >including encrypted web servers or even "ssh" would be required to >build in a backdoor for the government by January 31, 2000. This >backdoor must provide for "immediate decryption or access to >plaintext of the data." > >TECHNICAL STANDARDS: The Attorney General will publish technical >requirements for such backdoors in network service and encryption >products, within five months after the president signs this bill. > >LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be >unlawful to use any encryption product purchased or in use prior to >such date." > >GOVERNMENT POWERS: If prosecutors think you may be selling, >importing, or distributing non-backdoor'd crypto or are "about" to >do so, they can sue. "Upon the filing of the complaint seeking >injunctive relief by the Attorney General, the court shall >automatically issue a temporary restraining order against the party >being sued." Also, there are provisions for holding secret >hearings, and "public disclosure of the proceedings shall be >treated as contempt of court." You can request an advisory opinion >from the government to see if the program you're about to publish >violates the law. > >ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting >police access to your encrypted data. But all the government has to >do to get one is to provide "a factual basis establishing the >relevance of the plaintext" to an investigation. They don't have to >demonstrate probable cause, which is currently required for a >search warrant. More interestingly, this explicitly gives the FISA >court jurisdiction (yes, the secret court that has never denied a >request for a wiretap). If they decode your messages, they'll tell >you within 90 days. > >GOVERNMENT PURCHASING: Federal government computer purchases must >use a key escrow "immediate decryption" backdoor after 1998. Same >with networks "purchased directly with Federal funds to provide the >security service of data confidentially." Such products can be >labeled "authorized for sale to U.S. government" > >ENCRYPTION EXPORTS: The Defense & Commerce departments will control >exports of crypto. Software "without regard to strength" can be >exported if it includes a key escrow backdoor and is first >submitted to the government. Export decisions aren't subject to >judicial review, and the "president may by executive order waive >any provision of this act" if he thinks it's a threat to national >security. Within 15 days, he must send a classified briefing to >Congress. > >ADVISORY PANEL: Creates the Encryption Industry and Information >Security Board, with seven members from Justice, State, FBI, CIA, >White House, and six from the industry. > >INTERNATIONAL: The president can negotiate international agreements >and perhaps punish noncompliant governments. Can you say "trade >sancation?" > >(Other provisions barring the use of crypto in a crime and >some forms of cryptanalysis are also in the bill.) > >Next the Commerce Committee will vote on SAFE, and a former FBI >agent-turned-Congressman is vowing to ensure that similar language to this >is included. (The committees are voting on the bill in parallel, and a >four-person team of Congressmen is working to forge a compromise before >Commerce votes.) Then the heads of the five committees that have rewritten >the legislation will sit down and work out another compromise. If it's >acceptable to the House Rules committee -- and if the FBI/NSA get what >they want it will be -- the bill can move to the floor for a vote. > >That's why the encryption outlook in Congress is abysmal. Crypto-advocates >have lost, and lost miserably. A month ago, the debate was about export >controls. Now the battle is over how strict the //domestic// controls will >be. It's sad, really, that so many millions of lobbyist-dollars were not >only wasted, but used to advance legislation that has been morphed into a >truly awful proposal. > >I wrote more about this at: > > http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html > >-Declan > > > > >-- > This is a footer. > It is a pretty footer. > I did this footer all by myself. > If you would like to hire me to do footers like this for you, email me. > > ------------------------------------------------------------------------ > To unsubscribe: mail -s unsubscribe linuxnet-request@cabi.net < /dev/null > > > ====================================================================== Das Archiv der aktuellen Beitraege zur Mailingliste finden Sie unter: http://www.netwing.at/mailarchiv/provider-at ======================================================================