Information Security News mailing list archives
Re: Bill Punishes Crypto
From: security curmudgeon <jericho () ATTRITION ORG>
Date: Tue, 14 Nov 2000 10:47:07 -0700
http://www.securityfocus.com/news/108 By Kevin Poulsen WASHINGTON--Criminals who use encryption to conceal their wrongdoing will get harsher sentences than those who stick to plaintext, under computer crime legislation pending in the Senate that's attracted opposition from at least one civil liberties group.
Of course, this leaves a nice gaping loophole law enforcement would be sure to abuse. Joe Agent kicks down the door of someone suspected of hacking related crimes. During the forensics analysis of the suspect's machine, they find NO evidence of the crime. But they DO find encrypted files. What then? If the agents can not break the encryption, they have no proof the person was involved in the crime. But with this law in place, they could use it to push for harsher sentences and claim the encrypted files contain the evidence they are looking for. This potentially introduces reasonable doubt as to the innocence of the suspect. For someone who can not afford a good lawyer and has little means to fight the financial backing of the government, a plea bargain begins to look like a viable option. It seems to me the only time this could be applied legally is if the agents can decrypt encrypted files. Since any kid on the street can download PGP and other forms of encryptioin that are basically beyond the government's capability to break, the only time the agents could get to the unencrypted material would be if the suspect gave up the passphrase. At that point, you'd think they were already at a plea bargain stage.
In addition to creating the new sentencing enhancement, the legislation would empower federal agents to use wiretaps and bugs when investigating computer crimes, allow for civil forfeiture of property in computer crime cases, and add computer hacking to the list of offenses for which juveniles could be tried federally.
[Text of bill S.2448] http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.02448:
ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Bill Punishes Crypto William Knowles (Nov 15)
- Re: Bill Punishes Crypto security curmudgeon (Nov 16)