[2390] in cryptography@c2.net mail archive
Re: Rivest's Wheat & Chaff - A crypto alternative
daemon@ATHENA.MIT.EDU (David Wagner)
Mon Mar 30 12:47:24 1998
Date: Mon, 30 Mar 1998 09:36:55 -0800
From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@c2.net
> Do you have a reference for this? The FCC web site has a fact sheet
> http://www.fcc.gov/investigation.html that suggests manufacture and import
> of cell phone capable scanners is illegal (starting in 1994), as is
> disclosing or using any information overheard, but nothing about ownership.
Actually, I fibbed a little, but only a very little.
A bill banning mere ownership (and modification, sale, and so on; no need
for prosecutors to show any ill intent) of cellular capable scanners has
passed the House by a vote of 414-1. A very similar version also passed the
Senate easily, and the two are being reconciled. There's no opposition;
this is fasttrack noncontroversial stuff, on the Hill. I'm told the bill is
as good as signed.
> It does seem that Congress is trying to restrict scanners to prevent a
> public demand for encryption, no doubt at the behest of the law enforcement
> community.
No, you are assuming too much competence from Congress, and too much subtlety
of law enforcement. In truth, the story seems to be that cellphone
manufacturers are finding it much cheaper (and quicker) to lobby for
"noncontroversial" laws banning scanners (a "quick fix") than to add crypto
to their phones. There's no coherent opposing voice with any power on the
Hill; and these kinds of laws ("prevent privacy and fraud") are hard to vote
against, especially so soon after Gingrich and friends were tapped.
The law enforcement industry couldn't care less whether the cellphone airlinks
are private. All wiretaps are done at the base station or inside the network,
where no scanners are needed.
I suspect the cellphone industry wants these laws primarily because they find
them useful at fighting fraud. When you broadcast a reusable "password"
(the MIN/ESN pair) over the air in the clear (as analog phones do), devices
to snoop on conversations start to look very much like devices to steal those
valuable "passwords".
Of course, we all know that these laws are pretty ineffective at protecting
privacy, though they are effective at making it easier to snow the public into
thinking their cellphones are secure. (This is only, what, the fourth such
law? It just gets worse and worse.)
