IP: Cellphone bills racing through Congress trample civil rights

[Dave Farber <farber () cis upenn edu>]

Forwarded-by: Declan McCullagh <declan () well com>
Date: Tue, 03 Mar 1998 15:39:05-0800
From: John Gilmore <gnu () toad com>
Subject: Cellphone bills racing through Congress trample civil rights


Read the bills, they're both shorter than Declan's article about 'em:




ftp://ftp.loc.gov/pub/thomas/c105/h2369.ih.txt


ftp://ftp.loc.gov/pub/thomas/c105/h2460.rh.txt


Criminalizing the modification of software or electronics is foolish.
Particularly when a law already exists that punishes the real crime
(theft of cellular service), and cops are catching the perpetrators.
Those poor prosecutors who are pushing the bill, what a shame that
they have to actually prove that alleged criminals really intended to
commit a crime, before tossing them in the slammer.  If we just
redefine crime a little, so that everyone we don't like becomes a
criminal, this problem won't exist.


Criminalizing the third-party publication of intercepted communications
is also foolish.  When a fact becomes public knowledge, attempts to
criminalize its circulation are both foolish and dangerous, akin to the
British "Official Secrets Act" that keeps the British press firmly under
the heel of the government.  If the "fact" is untrue, there are already
criminal and civil statutes under which distributing it can be punished.


The wrong answer in both cases is to try to jail the horse after it's
escaped the barn.  The right answer is to shut the barn door.  If the
government encouraged, rather than prohibited, cellular designers to build
systems that are secure against hacking, and private against interception,
the whole problem wouldn't exist.


Congress should take up eliminating the export controls on
cryptography, at least with respect to wireless telephones.  This
would be a better use of their time than these foolish bills.  It
would allow industry to solve the problem itself, without trashing
civil liberties, engineering, experimentation, or the right to publish
true information.


HR 2369 also explicitly declares illegal scanning equipment that can
receive any commercial mobile service band, can decode digital
transmissions to analog, *or* can decrypt encrypted transmissions.  It
makes radios, transcoders, and cryptanalysis illegal.  Not only that, it
deliberately instructs the FCC to keep amending its rules "as
necessary to prevent commerce in receivers that MAY (emphasis mine) be
used unlawfully".  This is just like the bad copyright bill that tries
to criminalize equipment which MAY be used for legal purposes or MAY be used
to violate a copyright.  This bill also has some of those "encrypted"
provisions like:


>                 (3) in subsection (e)(1)--
>                     (A) by striking `fined not more than $2,000 or'; and
>                     (B) by inserting `or fined under title 18, United States
>                   Code,' after `6 months,'; and




HR 2460, "Wireless Telephone Protection Act", is much worse.  It
criminalizes anyone who:


                `(9) knowingly uses, produces, traffics in, has control or
              custody of, or possesses hardware or software, knowing it has
              been configured for altering or modifying a telecommunications
              instrument so that such instrument may be used to obtain
              unauthorized access to telecommunications services;


This isn't limited to cell phones.  This is completely general.
Better throw away those AOL CDROMs that have been configured to
install itself in your computer when you run it (all of them are).  It
"may be used to obtain unauthorized access to telecommunications
services", e.g. by typing in an invalid credit card number, so you can be
thrown in jail for 10 years (first offence) or 15 years (second
offence) for mere possession of the CDROM.  


This is the bill that already passed the House and for which a similar
bill was passed by the Senate in November.  I.e. it's very close to passing!


        John


********


[Declan says:]


My article is at:
  http://cgi.pathfinder.com/netly/opinion/0,1042,1774,00.html


The final text of the bill approved by the House is not online yet. The
relevant portion is below:


        Whoever "knowingly uses, produces, traffics in, has control
        or custody of, or possesses hardware or software, knowing
        it has been configured TO INSERT OR MODIFY
        TELECOMMUNICATION IDENTIFYING INFORMATION ASSOCIATED WITH
        OR CONTAINED IN a telecommunications instrument so that
        such instrument may be used to obtain unauthorized access
        to telecommunications services" goes to jail... (emphasis
        added)


        We have a new affirmative defense: "in a prosecution for a
        violation of subsection (a)(9), (other than a violation
        consisting of producing or trafficking) it is an
        affirmative defense (which the defendant must establish
        by a preponderance of the evidence) that the conduct
        charged was engaged in for research or development in
        connection with a lawful purpose."


        And a definition, though only for identifying information:
        "(11) the term 'telecommunication identifying
        information' means electronic serial number or any other
        number or signal that identifies a specific
        telecommunications instrument or account, or a specific
        communication transmitted from a telecommunications
        instrument."


-Declan






--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------




********************************
See you at INET'98, Geneva 21-24, July 98   <http://www.isoc.org/inet98/>