Home/red-rock-eater/S.974 - Anti-Electronic Racketeering Act of 1995

S.974 - Anti-Electronic Racketeering Act of 1995writing

militaryinternationalcivil-libertiesprivacycryptographytechnology-policylawforwarded-contentgovernment-info
1995-07-21 · 5 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/1995/S.974.-.Anti-Electronic..html

Content

This web service brought to you by Somewhere.Com, LLC.

S.974 - Anti-Electronic Racketeering Act of 1995

``` [This bill is absolutely astonishing.]

Date: Fri, 21 Jul 95 22:07 PDT From: privacy@vortex.com (PRIVACY Forum) Subject: PRIVACY Forum Digest V04 #16

PRIVACY Forum Digest Friday, 21 July 1995 Volume 04 : Issue 16

---

Date: Wed, 19 Jul 95 19:20:53 PDT From: Jim Gillogly Subject: S.974 - Beyond Clipper and Digital Wiretap

Sen. Grassley introduced a bill in the Senate on 27 Jun 1995 which he calls "The Anti-electronic Racketeering Act", defining newly-identified computer crimes to be subject to the confiscatory RICO laws. It betrays an astonishing lack of understanding of the Net it tries to regulate, but its draconian penalties for ill-defined acts still make it potentially a very effective means of selectively harassing privacy advocates. While it has a good chance of stalling out in the Judiciary Committee, even a 10% chance of passage would be too high for comfort whether or not its most startling malapropisms were made coherent.

The bill includes total inanities, such as making it "unlawful for any person to damage or threaten to damage electronically or digitally stored data." You evidently can't delete or edit files under the new regime. Further, "It shall be unlawful to use a computer or computer network to transfer unlicensed computer software, regardless of whether the transfer is performed for economic consideration." This means no more code fragments, shareware, or freeware to be distributed on the Net. Are they thinking just of commercial software? Are they thinking? The key concepts such as "computer network" are not defined, another source of concern.

The main assaults on privacy are intentional though, outlawing distribution of encryption programs (strong or weak) and anonymous financial transactions, and explicitly weakening the parts of the Privacy Act that the government violated in the Steve Jackson case. The encryption part:

`Sec. 1030A. Racketeering-related crimes involving computers `(a) It shall be unlawful-- ... `(2) to distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person distributing the software knows or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable;

Since foreign nationals and foreign governments are on virtually all networks, including (for example) my company's internal network, this means no encryption code can be distributed on any network at all. The "regardless" clause indicates that the bill isn't restricting just strong encryption programs, but any encryption programs at all -- well beyond the already onerous ITAR restrictions.

An exception is given that allows distribution of encryption programs under one circumstance:

`(c) It shall be an affirmative defense to prosecution under this section that the software at issue used a universal decoding device or program that was provided to the Department of Justice prior to the distribution.'.

This is even more restrictive than the ill-judged Clipper initiative, which was to have key escrow be (a) voluntary, and (b) distributed between two agents which were not necessarily in DoJ. Further, since the issue at hand is software rather than hardware, it means in effect that there must be a back door in the encryption algorithm itself, since otherwise the algorithm could be used with keys that had not been handed over to DoJ.

If the intent of the bill is to prevent racketeers from using encryption, it misses the mark entirely by not making encryption itself illegal. It makes net-based authors responsible for acts committed by their users. Encryption, and even strong encryption, is an integral part of many commercial packages available to foreign nationals and others in U.S. software stores; this bill does not address distribution of strong (or weak) encryption through commercial channels.

[Sarcasm mode ON.] This would seem at first to ignore the international nature of the Net, since obviously people in Finland, the U.K., Italy, and Germany have excellent cryptography FTP sites accessible to foreign (i.e. non-U.S.) nationals. However, this is covered also:

`(g)(1)(A) Any act prohibited by this section that is committed using any computer, computer facility, or computer network that is physically located within the territorial jurisdiction of the United States shall be deemed to have been committed within the territorial jurisdiction of the United States. `(B) Any action taken in furtherance of an act described in subparagraph (A) shall be deemed to have been committed in the territorial jurisdiction of the United States. `(2) In any prosecution under this section involving acts deemed to be committed within the territorial jurisdiction of the United States under this subsection, venue shall be proper where the computer, computer facility, or computer network was physically situated at the time at least one of the wrongful acts was committed.'.

Do we look forward to a U.S. commando raid on an FTP site in Milan to bring the perpetrators back to stand trial here? [Sarcasm mode OFF.]

Declaring these new crimes racketeering under the RICO statutes is the real perniciousness of the bill. Any act of accessing the software by a foreign national is considered a separate offense, so that (for example) posting a simulation of the Captain Midnight Secret Squadron Decoder Badge to Usenet would result in millions of separate violations, making your computer subject to confiscation without due (or any) process.

Sen. Grassley regards this as a positive feature, and has even gone further. When introducing the bill he said:

It is not enough to simply modernize the Criminal Code. We also have to reconsider many of the difficult procedural burdens that prosecutors must overcome...

... for law enforcers--both State and Federal--who have seized a computer which contains both contraband or evidence and purely private material, I have created a good-faith standard so that law enforcers are not shackled by undue restrictions...

So what can we do about it? Petitions appear to be ineffective: the one we sent to Sen. Leahy made no impression at all -- perhaps Net people have been so demonized lately that having their bad opinion is considered a positive good. We could try supporting lobbying organizations, but we need to be careful that the ones we support will oppose these bills -- many privacy advocates felt betrayed in the Digital Wiretap fight. We could try to educate our own representatives, but there's no evidence that they read incoming mail any further than checking the "favors" or "opposes" box on the "constituent responses" form. Do we engage in pro-active resistance, such as making sure widespread plug-and-play strong cryptography and digital cash are firmly in place before nonsensical legislation like this or its successors can be enacted?

Whatever we do, we'd better do it soon: Washington has discovered the Net, and they pass regulations, whether they understand what they're doing or not. When the trial balloon for Clipper was floated it seemed clear to many of us that it didn't make sense as long as it was voluntary. This proposed bill would outlaw distribution of effective crypto software, and the next one could well criminalize encryption itself.

Required reading: ftp://ftp.loc.gov/pub/thomas/c104/s974.is.FTP

Jim Gillogly Highday, 27 Afterlithe S.R. 1995, 02:10

---

End of PRIVACY Forum Digest 04.16

--- ```

This web service brought to you by Somewhere.Com, LLC.