Law in the Internet Society
Current mass-market communications technology is very insecure. User adoption rates for encryption of emails, instant messages, and phone calls are for all intents nil. Even the use of ad-free, cookie-free, untraceable internet browsing is on the order of 5%, despite its extreme ease. Legal protection for the privacy of such communications is scarcely any better. For example, the NSA entrapped, wiretapped, and blackmailed a high-ranking Democratic congresswoman for the purpose of installing her on the House Intelligence committee where she could expand their surveillance powers. Authority for roaming, warrantless wiretaps has been claimed by presidents from both political parties. The dominant usage of technology in America has done much to destroy the expectations of privacy and secrecy that people enjoyed just a few decades ago. Might it be possible to convince people to take matters into their own hands?

I like to call my proposed solution the PATRIOT phone. It will look like this. It will feature RSA cryptography that is all but impossible to break, with no back doors or key escrow. With the right marketing strategy, a satisfactory product, and reasonable price points, it shouldn't be difficult to put such devices in the hands of several thousands of users. At that point, the device becomes an impediment to large scale surveillance. If even 1% of network traffic were encrypted, it would be impossible to capture that volume of traffic for cryptanalysis -- there simply aren't enough supercomputers.

Such consumer technology does not exist. There are a variety of phones that employ RSA or similarly strong encryption, but they are not interoperable and cost $1500 or more. This is puzzling. Crytographic algorithms, qua algorithms, are not patentable subject matter and cannot be monopolized. To whatever extent such monopolization was possible (i.e. by patenting cryptographic math done "on a computer" or "a microchip that performs cryptographic math"), those patents should have long since been expired. See 1, 2. This academic paper suggests a means for implementing RSA into programmable logic chips that cost less than $10, and provides sufficient computing power to encrypt voice data in real time. In fact, that paper is five years old: the technology should be trivial at this point.

As a regulatory matter, the approval of such a device ought to be straightforward. The FCC's Rule Part 15 requires that devices not cause "harmful interference" that would jam other authorized signals (radio, television, etc). There does not appear to be any sort of clause that allows the FCC to disapprove devices that it simply does not like.

The US cellular handset market is highly concentrated. The top three companies account for two thirds of the market, and the top six account for almost 90%. Part of the problem

*Outline -Form of a solution: the device. *Why doesn't it exist? Supply side: -firmware/chipsets patented... scale? -regulatory issues -lack of competition/barriers to entry *How else might it be implemented -the network? skype, google voice... -or private routers and a mesh grid *Legislative or regulatory response?

Work in progress, nowhere near done.

-- HarryLayman - 18 Nov 2009

 

Navigation

Webs Webs

r5 - 01 Dec 2009 - 16:06:30 - HarryLayman
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM