Scary, Sneaky HR46

[InfoSec News <isn () C4I ORG>]

http://cryptome.org/hr46.htm

HR46

By Dave Kopel of the Independence Institute

Congress may adjourn today but not before inflicting a series of blows
on civil liberties and federalism. As is usual for end-of-the-session
assaults on civil liberties, the plan is to speed the new laws through
as attachments to some innocuous law, before most people in Congress
have time to notice.

The only real chance for stopping this plan lies in House and Senate
leadership (especially the House) being flooded with phone calls
objecting to yet another sneak attack on the Bill of Rights.

At issue is H.R. 46, a seemingly harmless bill titled "Public Safety
Medal of Valor." The bill sets up a federal board to award federal
Medals of Valor to policemen, federal agents, and the like. But
Congress, unlike many state legislatures, does not operate under a
constitutional requirement that a bill's subject matter and title be
the same. And it turns out that there's much more in this bill than
just medals for firefighters. What the bill does is:

* Expand federal asset forfeiture.

* Expand wiretapping.

* Provide special additional punishments for people who use
  encryption.

* Federalize juvenile crimes, which are properly matters for state
  governments to address.

The House committee report on the bill, of course, only discusses
medals for police officers and not any of the unrelated material which
is being added in the closing hours of Congress. The unrelated,
dangerous, material comes mostly from the never-passed H.R. 2448.

These new provisions were added to H.R. 46 on October 24, 2000, by the
Senate. (See Congressional Record page 10913).

Forfeiture

Section 304 of the "Medal of Valor" bill provides for "Criminal and
Civil Forfeiture for Computer Fraud and Abuse." Although federal
forfeiture laws have been partially reformed, they are still massively
weighted in favor of the government, and allow the government to seize
property from people who have never been convicted of a crime.

H.R. 46 would expand federal forfeiture law to include various
computer crimes, and allow the forfeiture of any personal property
used "to commit or to facilitate the commission of such violation." So
the federal government could seize every computer you own, before you
have even been charged let alone convicted of a computer crime.

Wiretapping

Section 308 of the bill provides federal wiretapping authority over
people suspected of committing various computer crimes allowing the
interception of "wire, oral, and electronic communications relating to
computer fraud and abuse." So if the federal government asks for a
warrant (and wiretap warrants are almost never denied), not only could
federal agents read your e-mail (an "electronic communication"), they
could also put listening devices in every room in your house.

If a teenager were suspected of computer hacking (even hacking which
caused no real damage, but which allegedly posed "a threat to public
health"), then H.R. 46 would allow the government to wiretaps the
parents' telephone. The average telephone wiretap results in the
interception of 1,971 conversations, according to the Wiretap Report
for 1999 (Published by the administrative office of the United States
Courts).

Current federal wiretap authority stems from the Wiretap Act of 1968.
President Lyndon B. Johnson was very concerned about the dangers of
wiretapping--perhaps because he personally had ordered some abusive
wiretaps; so the president opposed proposals to create federal wiretap
power.

Eventually, he accepted the Wiretap Act as part of a larger compromise
to allow passage of the Gun Control Act of 1968. Part of the
compromise was that wiretap powers would be invoked only for certain
enumerated and particularly dangerous offenses. These were crimes
involving espionage, treason, violence, or organized crime.

Unfortunately, in the following three decades, the number of suspected
offenses for which wiretapping is allowed has quadrupled, to over 100.
Among these offenses are making false statements on student-loan
applications or passport applications. 18 U.S.C. sec. 2516(1).

Now, H.R. 46 would expand wiretapping to include a wide variety of
computer crimes, many of which are relatively minor.

Why Wiretaps Are Especially Dangerous

When the Fourth Amendment was written, the Founders expected that all
searches and seizures would be controlled by an important type of
checks and balances. Whenever a person was searched, he would know
about the search; government agents would enter his home or business,
look around, and take property away.

The victim of the search would necessarily know that he had been
searched. He would have every incentive to use all legal means to
ensure that the search was conducted properly, according to the
warrant, and that the warrant itself was properly issued. After the
search, he would be able to seek various forms of redress, including
filing a lawsuit, if any part of the search had been improper.

Wiretaps, however, destroy this important check that safeguards the
Fourth Amendment. Under current federal law, wiretaps-unlike every
other kind of search-may be conducted in secret. 18 U.S.C. sec. 2518.

The law allows delay of months and sometimes-indefinite delay in
notifying a person that she has been subjected to wiretaps. Thus, the
most important element of the Fourth Amendment's checks and balances
the desire of the person being searched to protect her privacy is
eliminated.

Moreover, ordinary search warrants must specifically describe what
will be searched for, and where the search will be conducted. So if
the police are looking for a stolen car, they will check the garage,
but not rummage through a person's bedroom drawers.

Wiretaps, in contrast, more closely resemble the Writs of Assistance,
which provoked the American Revolution. When a wiretap is placed on a
phone, the police listen to every conversation, since they cannot tell
in advance whether the people will talk about a subject related to the
wiretap warrant, or about something else.

Technically, the police are required to stop listening when they are
sure that the conversation is not about the alleged crime involving
the wiretap. But in practice, it is very difficult to ensure that this
requirement is obeyed. Even the most conscientious police wiretapper
cannot help overhearing many innocent conversations, since he cannot
foresee what the parties will talk about. In recent years, there have
been about two million innocent conservations per year overheard as a
result of federal and state wiretaps, according to the Wiretap Report.

Unfortunately, while wiretaps are subject to fewer checks and balances
than ordinary searches, they are considerably more invasive and
destructive to security and privacy. Supreme Court Justice Louis
Brandeis explained:

The evil incident to invasion of the privacy of the telephone is far
greater than that involved in tampering with the mails. Whenever a
telephone line is tapped, the privacy of the persons at both ends of
the line is invaded, and all conversations between them upon any
subject, and although proper, confidential, and privileged, may be
overheard.

Moreover, the tapping of one man's telephone line involves the tapping
of the telephone of every other person whom he may call, or who may
call him. As a means of espionage, writs of assistance and general
warrants are but puny instruments of tyranny and oppression when
compared with wire-tapping. (Olmstead v. United States, 277 U.S. 438
(1928)(Brandeis, J., dissenting))

Earlier this year, the Clinton administration promised that there
would be no more wiretapping bills until privacy reforms were enacted
such as a requirement that the police have probable cause before
obtaining cell-phone records which disclose your location.
Nevertheless, H.R. 46 is moving forward, and contains nothing to
improve privacy protection.

Special Punishment for Encryption

Section 310 provides enhanced (more severe) sentencing for computer
criminals who use encryption. But as the ACLU points out, we don't
provide extra punishment for burglars who wear gloves, or embezzlers
who use paper shredders. So why provide extra punishment simply
because a criminal uses encryption? The obviously answer, the ACLU
notes, is because enhanced punishment "stigmatizes the use of
encryption, suggesting that it is somehow worse to use this method to
conceal a crime than to use other methods."

Federalizing Juvenile Crime

Although Congress nearly passed a mammoth bill in 1999 to federalize
juvenile crime, the issue of juvenile justice (like most other
criminal justice issues) is properly a matter for states. Section 306
of H.R. 46 would allow federal courts to hear juvenile delinquency
cases involving alleged teenage computer criminals.

But there's no reason to believe that federal courts are better than
state courts in dealing with 14-year-olds accused of hacking. Notably,
every state has some kind of juvenile justice program, to provide
appropriate treatment to rehabilitate juveniles.

The federal government does not. Besides, federal courts are already
so overwhelmed with drug cases that there is no reason to burden them
further with juvenile matters that belong in state court.

H.R. 46 required "unanimous consent." But the bill remains a threat
under procedures which allow suspension of the rules, or as an
attachment to the omnibus spending bill.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".