[ISN] Encryption proposal makes activists uneasy

From: InfoSec News (isnat_private)
Date: Mon Apr 14 2003 - 01:02:22 PDT


    http://www.orlandosentinel.com/news/nationworld/orl-asecencrypt13041303apr13,0,2185818.story?coll=orl-news-headlines
    
    By Anick Jesdanun 
    The Associated Press 
    Posted April 13, 2003 
    
    NEW YORK -- Cheating on income taxes or neglecting to pay sales taxes
    on online purchases could get you five extra years in prison if the
    government succeeds in restricting data-scrambling technology,
    encryption-rights advocates fear.
    
    Such a measure, they worry, might also discourage human-rights workers
    in, say, Sri Lanka from encrypting the names and addresses of their
    confidants, in case they fall into the wrong hands.
     
    Draft legislation circulating in the Justice Department would extend
    prison sentences for scrambling data in the commission of a crime,
    something encryption advocates fear would achieve little in catching
    terrorists -- and only hurt legitimate uses of cryptography.
    
    "Why should the fact that you use encryption have anything to do with
    how guilty you are and what the punishment should be?" asks Stanton
    McCandlish of the CryptoRights Foundation, which teaches human-rights
    workers to use encryption. "Should we have enhanced penalties because
    someone wore an overcoat?"
    
    The measures are sought by police and intelligence agents who worry
    that criminals who use encryption will commit crimes that will be
    tougher to solve or prevent.
    
    Law enforcers hope the threat of added penalties -- up to five years
    for the first offense and 10 years after that -- would make criminals
    think twice before scrambling their messages. Longer sentences have
    already been approved for using guns as part of robberies, for
    instance.
    
    "If you went the extra step to keep us from getting evidence, you
    should pay an extra price," said Jimmy Doyle, a former computer-crimes
    investigator with the New York Police Department.
    
    It's not the first time encryption has come under assault.
    
    For years, the government restricted the export of high-strength
    encryption. It also sought to require software developers to create a
    back door and hand investigators a set of keys upon request.
    
    Encryption advocates -- supported by the technology industry --
    resisted and thought they had won in September 1999 when the Clinton
    administration relaxed the export controls over the objections of the
    attorney general and FBI director.
    
    Then came Sept. 11.
    
    The new proposal is part of legislation dubbed Patriot II, a sequel to
    the 2001 USA Patriot Act, which gave law enforcers broad new powers.
    
    Attorney General John Ashcroft has said that any draft circulating in
    Justice is far from official policy and has yet to be submitted to
    Congress. But when he was a senator, Ashcroft in 1998 introduced a
    similar bill, which never passed.
    
    As drafted, the latest proposal would apply only to individuals who
    willfully and knowingly use encryption to commit a federal felony.
    
    But critics worry that the language could cover almost all conduct
    online as encryption gets incorporated in Web browsers for e-commerce,
    virtual private networks for telecommuters and other day-to-day
    applications.
    
    A mistake on an electronic tax return, if it leads to a conviction,
    could mean longer prison terms, warns Mark Rasch, a former Justice
    Department computer-crimes prosecutor.
    
    Or in the extreme, someone who neglects to pay a state tax for online
    shopping -- few people do -- could be prosecuted for federal mail
    fraud and face five extra years "for avoiding two dollars' worth of
    taxes," Rasch said.
    
    "If suddenly I find myself facing this big criminal penalty because I
    happen to use encryption, will that discourage people from using it?"  
    said Alan Davidson, staff counsel for the Center for Democracy and
    Technology.
    
    Rasch and other crypto-rights advocates add that encryption would help
    stop crime by making it harder to steal passwords or break into
    computers.
    
    Many question whether such a law would even work.
    
    "You have to be intentional about using encryption, and that's a
    tricky thing to prove," said Stewart Baker, a former National Security
    Agency counsel now in private law practice. "I do see this provision
    as largely symbolic rather than effective."
    
    
    
    


