At 9:35 AM -0700 10/24/99, Tim May wrote:
>At 3:33 AM -0700 1999-10-24, Arnold G. Reinhold wrote:
>
>>I have long doubted the very premise that encrypted communications
>>are an asset to criminals and a threat to law enforcement. The
>>standard way LE penetrates criminal organizations is to work from the
>>bottom.  Someone at the retail level is caught and pressured to
>>cooperate. He implicates a superior, and so on.
>>
>>Remember that encrypted messages from the superior to the cooperating
>>underling are sent using the underling's private key.  Providing that
>>key to LE is in many ways less risky to the underling than other
>>forms of cooperation. The key need only be provided once and then there
>>is no need for further meeting with agents. Only a few people in LE
>>need to know where the key comes from, reducing the risk of leaks and
>>making them easier to trace.
>>
>>Once they have that key, LE gets both an ongoing clear stream of
>>communications and evidence that is much more damning in court than
>>the traditional hard to hear and obscurely worded wire tap recording.
>>And if encryption gets criminals to communicate more, it could be a
>>boon to law enforcement.
>
>Damning in court?
>
>How can provenance (origin, history) of the damning message be proved?
>
>If Alice and Bob communicate with PK and remailers, as will be expected,
>how can anything be proved? Sure, if "Pablo Escobar" publishes his public
>key and signs his messages to "Joe Underling," this may be damning in a
>court trial.
>
>But this scenario is unlikely in the extreme.

Is it? Large criminal organizations need authentication just as much
as legitimate ones, maybe more so. A large unauthorized transaction 
is generally reversed in legitimate business, but can lead to a hail 
of bullets in the criminal world.

If bad guys refrain from using electronic signatures, that would be a 
significant denial of service in itself. And even if Pablo doesn't
electronically sign his messages, Joe still needs some way to know 
they really came from him. Maybe Pablo always signs messages to Joe 
with the name "George Washington." Maybe Pablo is the only one who 
has Joe's public key. Maybe they have an agreed set of salutations 
depending on the day of the week. Whatever.  Joe's sworn testimony 
that those are Pablo's messages may well convince a jury by itself. 
If corroboration is needed there are many ways to get it:

o A long series of exchanges could be tied to remailer messages 
originating or terminating at Pablo's computer. Remailer delays long 
enough to obscure this pattern would be unacceptable to organized 
crime.

o The word usage patterns in the messages Joe receives can be 
compared to Pablo's known writing.

o Pablo could be tricked into incorporating identifying information 
by innocent questions like "What color dress would Shirley like for 
her birthday?"  Remember the "AJ is low on water" ploy in the Battle 
of Midway?

o Some remailers will be compromised or actually run by law 
enforcement. Pablo could be steered toward those by degrading service 
to the others. If he once sends just one message through a chain that 
is entirely compromised, they have him. Using a chain long enough to
make this unlikely would cause unacceptable delays.

o Pablo may occasionally screw up. Criminals are not known for their 
communications discipline and remailers are hard to use and impose 
annoyingly large delays.

If you are going to say that some of these forms of evidence could be 
faked by the police, I would point out that wire tap evidence can 
easily be faked now. They convince juries by showing a chain of 
custody that would require several agents to collude and they would 
do the same with encrypted communications. Cryptographic certainty is 
not the standard of proof in any court.

>
>Were I a felon, as I am, I'd surely take crypto and remailers over the
>alternative of no crypto and no remailers.

I'd avoid incriminating electronic communications altogether.

>
>--Tim May
>
>Y2K: It's not the odds, it's the stakes.

That's the best summary I've seen!  Mind if I quote it?

Arnold Reinhold
