From Rocky Mountain News, 3/28/03:
"The Senate Thursday passed House Bill 1303, which is intended to stiffen penalties for all the new kinds of crimes that can be committed with technological gizmos..."
"... they've made crimes out of such ordinary practices as altering the apparent source of an e-mail, or using encryption on mail."
"..We're sorry this sneaked up on us, and we hope the governor vetoes it."
DMCA, Patriot Act, Patriot 2... Orwell was right, he just got the year wrong...

Since I'm in Florida, I checked into the bills pending in the FL legislature, and they seem to refer specifically to spammers. The FL bills in question are House bill 1211 and Senate bill 438.

Perhaps I got the wrong bills, but it seems to me that prosecuting spammers is a good thing. Does the legislation conceal a hidden threat to our liberties?

Does this mean that we can prosecute Spammers? Fianlly? Please? I would love to kick just one of their asses personally. Just once. Stike that, all their asses, repeatedly.

Gilbert, in the MA bill on Freedom-to-tinker.com, in section 2, 166.42B paragraph b.1.ii (on the 3rd page of the .rtf file) it says any person commits an offense if he knowingly posesses, uses, etc. any communication device:

"to conceal or to assist another to conceal from any communication service provider, or from any lawful authority, the existence or place of origin or destination of any communication;"

Felten argues (and I agree) that a NAT box conceals from the service provider the (exact) place of origin or destination of a communication. For that matter, it could be argued that ssh'ing into my home box, and using the mailer on that box to write an email, while sitting at a keyboard somewhere else, conceals the (true) place of origin of that email.

Also, does steganography "conceal... the existence... of [a] communication"? If so, this would make it illegal, regardless of _why_ you were using it.

JohnR, the "justification" the MPAA has for this is that they have money and lawyers. They don't need anything else.
 In their view, interactivity is a crime. Good citizens sit back, consume and STFU. Anything else is wrongthink.

Hooray! Extremisim!

Maybe I'm missing something, but I don't see anything in either of these two bills that comes anywhere close to "use a firewall, go to jail."

I see lots of references to "obtaining service without permission" which is already illegal. I see a reference to "unauthorized access, acquisition, decryption, interception, receipt, transmission, or retransmission" of "communication", which is also already illegal. And I see some bits about owning or selling devices whose only intent is theft or fraud, which is (you guessed it) illegal.

So.... What's new here? I mean, I'm not saying that this is a good thing, since it takes laws originally intended to thwart illegal cable descramblers and expands them to a very broad interpretation of "communication" (which includes Internet service), but... I mean, it's much more difficult for you to get access to IP service without your ISP knowing it than it is for you to watch pornos without paying for it.

I guess I'm asking, where's the threat?

Rich, the link works for me; the "We're back" story at http://www.freedom-to-tinker.com/archives/000330.html says that everything's been restored, but recently this was appended:

UPDATE (March 24): On a related note, you may have noticed a glitch or two over the past few days as we moved to a new hosting provider. (You're reading this on the new provider.)

Phew, and I was afraid the MPAA/RIAA had finally gotten the powers they wanted!

The more interesting issue is that the freedom-to-tinker link is broken, and this message is posted on their home page:'

"We're back on the air after roughly thirty-six hours of downtime. Apparently the server that brings you Freedom to Tinker (along with many unrelated sites hosted by the same web hosting provider) has had its hard drives impounded by the authorities as part of a cyberterrorism investigation. The last week or so of backup tapes were impounded too, so everything I have written since March 14 was lost."

All hail the fuckheads in power.

The key here is that the ISP _doesn't send the mail_ (at least not always :-)

I run my own servers. I use the ISP for 'IP Dialtone.' They don't know what is in my packets.

If you use hotmail over a regular ISP account, then you to are violating the provisions of this wretched thing.

Edited by author 03-27-2003 01:05 PM
Looks like most of the proposed bill (at the least the link to the first one) has a bunch of strike-throughs now.

Also, I'm confused... cypherpunks is right, PGP doesn't encrypt the To: and From: from the ISP... and if it did, how would the ISP send it?

Maybe the author means using VPN/tunneling and stuff where it may not use the ISP's tradional methods of transfering emails?

I still think we should watch these type of bills carefully, though..

The problem is that these bills are being "aimed" by people who haven't the foggiest idea what they're doing, and who are attempting to tweak a system using a hammer when they should be picking up a screwdriver.

If you encrypt your email, you're in violation, because the "To" line of the email is concealed from your ISP by encryption.

Yeah, and your ISP's mail server then guesses where you want to send it.

PGP and friends encrypt the body of an email message, not the headers, which are pretty important for getting the message to its destination.

Aren't these bills really aimed at being able to identify and prosecute spammers? I want my privacy, to be sure, but that's the only justification I can think of for any legislature considering this course of action.