[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Encryption proposal makes activists uneasy


By Anick Jesdanun 
The Associated Press 
Posted April 13, 2003 

NEW YORK -- Cheating on income taxes or neglecting to pay sales taxes
on online purchases could get you five extra years in prison if the
government succeeds in restricting data-scrambling technology,
encryption-rights advocates fear.

Such a measure, they worry, might also discourage human-rights workers
in, say, Sri Lanka from encrypting the names and addresses of their
confidants, in case they fall into the wrong hands.
Draft legislation circulating in the Justice Department would extend
prison sentences for scrambling data in the commission of a crime,
something encryption advocates fear would achieve little in catching
terrorists -- and only hurt legitimate uses of cryptography.

"Why should the fact that you use encryption have anything to do with
how guilty you are and what the punishment should be?" asks Stanton
McCandlish of the CryptoRights Foundation, which teaches human-rights
workers to use encryption. "Should we have enhanced penalties because
someone wore an overcoat?"

The measures are sought by police and intelligence agents who worry
that criminals who use encryption will commit crimes that will be
tougher to solve or prevent.

Law enforcers hope the threat of added penalties -- up to five years
for the first offense and 10 years after that -- would make criminals
think twice before scrambling their messages. Longer sentences have
already been approved for using guns as part of robberies, for

"If you went the extra step to keep us from getting evidence, you
should pay an extra price," said Jimmy Doyle, a former computer-crimes
investigator with the New York Police Department.

It's not the first time encryption has come under assault.

For years, the government restricted the export of high-strength
encryption. It also sought to require software developers to create a
back door and hand investigators a set of keys upon request.

Encryption advocates -- supported by the technology industry --
resisted and thought they had won in September 1999 when the Clinton
administration relaxed the export controls over the objections of the
attorney general and FBI director.

Then came Sept. 11.

The new proposal is part of legislation dubbed Patriot II, a sequel to
the 2001 USA Patriot Act, which gave law enforcers broad new powers.

Attorney General John Ashcroft has said that any draft circulating in
Justice is far from official policy and has yet to be submitted to
Congress. But when he was a senator, Ashcroft in 1998 introduced a
similar bill, which never passed.

As drafted, the latest proposal would apply only to individuals who
willfully and knowingly use encryption to commit a federal felony.

But critics worry that the language could cover almost all conduct
online as encryption gets incorporated in Web browsers for e-commerce,
virtual private networks for telecommuters and other day-to-day

A mistake on an electronic tax return, if it leads to a conviction,
could mean longer prison terms, warns Mark Rasch, a former Justice
Department computer-crimes prosecutor.

Or in the extreme, someone who neglects to pay a state tax for online
shopping -- few people do -- could be prosecuted for federal mail
fraud and face five extra years "for avoiding two dollars' worth of
taxes," Rasch said.

"If suddenly I find myself facing this big criminal penalty because I
happen to use encryption, will that discourage people from using it?"  
said Alan Davidson, staff counsel for the Center for Democracy and

Rasch and other crypto-rights advocates add that encryption would help
stop crime by making it harder to steal passwords or break into

Many question whether such a law would even work.

"You have to be intentional about using encryption, and that's a
tricky thing to prove," said Stewart Baker, a former National Security
Agency counsel now in private law practice. "I do see this provision
as largely symbolic rather than effective."

ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.