[117998] in Cypherpunks
CESA, "new" crypto regs
daemon@ATHENA.MIT.EDU (Greg Broiles)
Fri Sep 17 10:15:58 1999
Message-Id: <4.2.0.58.19990916195821.00b34280@mail.wenet.net>
Date: Fri, 17 Sep 1999 07:01:30 -0700
To: cypherpunks@cyberpass.net
From: Greg Broiles <gbroiles@netbox.com>
Reply-To: Greg Broiles <gbroiles@netbox.com>

Perhaps someone could point out to me how the new regs treat strong crypto
differently ..
they still want people to ask for permission prior to distribution, track
end users, and reserve the right to reject some requests.

How, precisely, is that liberalization? Same as the old boss, if you ask me.

And, in return for that great step forward, we're asked to accept the
"CESA", better known as the "black bag job" legislation, with the single
section which approved black bag jobs removed - but with the other
provisions, setting up procedures for LEO access to stored keys, and
limiting the ability of criminal defendants or civil litigants to introduce
evidence in court which concerns law enforcement techniques for gaining
access to plaintext .. the new edition goes even further than the original
in protecting private trade secrets related to eavesdropping techniques,
and allows the government to request that even former law enforcement
agents be prohibited from revealing the techniques used to gather evidence.
I suspect that these trade secret protections are intended to allow current
law enforcement folks to go into the lucrative business of providing
private security, a la Wackenhut, and evade any significant review or
oversight - civil or criminal, public or private - of their activity. Nice
work, if you can get it.

If you've got a word processor handy, try comparing the old version of the
CESA ("black bag bill") at <http://www.cdt.org/crypto/CESA/> with the new
version at <http://www.epic.org/crypto/legislation/cesa/bill_text.html> -
virtually nothing's changed, beyond explicit mention of covert entries,
which are currently legal but not authorized (nor controlled) by statute.
--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C