Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bill Punishes Crypto

From: security curmudgeon <jericho () ATTRITION ORG>
Date: Tue, 14 Nov 2000 10:47:07 -0700
http://www.securityfocus.com/news/108
By Kevin Poulsen

WASHINGTON--Criminals who use encryption to conceal their wrongdoing
will get harsher sentences than those who stick to plaintext, under
computer crime legislation pending in the Senate that's attracted
opposition from at least one civil liberties group.


Of course, this leaves a nice gaping loophole law enforcement would be
sure to abuse.

Joe Agent kicks down the door of someone suspected of hacking related
crimes. During the forensics analysis of the suspect's machine, they find
NO evidence of the crime. But they DO find encrypted files. What then?

If the agents can not break the encryption, they have no proof the person
was involved in the crime. But with this law in place, they could use it
to push for harsher sentences and claim the encrypted files contain the
evidence they are looking for. This potentially introduces reasonable
doubt as to the innocence of the suspect. For someone who can not afford a
good lawyer and has little means to fight the financial backing of the
government, a plea bargain begins to look like a viable option.

It seems to me the only time this could be applied legally is if the
agents can decrypt encrypted files. Since any kid on the street can
download PGP and other forms of encryptioin that are basically beyond the
government's capability to break, the only time the agents could get to
the unencrypted material would be if the suspect gave up the passphrase.
At that point, you'd think they were already at a plea bargain stage.


In addition to creating the new sentencing enhancement, the legislation
would empower federal agents to use wiretaps and bugs when investigating
computer crimes, allow for civil forfeiture of property in computer
crime cases, and add computer hacking to the list of offenses for which
juveniles could be tried federally.



[Text of bill S.2448]
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:s.02448:


ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: