[belltaco]

OP's point is that cracking passwords is a form of art, so Assange should be able to claim cracking a DoD Administrator password was a performance of art and thus legal. It's not an important point, it's a silly one.

>many govts' attempts to ban encryption are stupid because you cannot outlaw math

Huh? You can outlaw math. It'd be a stupid idea and quite hard to successfully enforce, but you can outlaw it.

>Which is why the legality of both having and breaking encryption needs to be detached from intent.

This does not make sense at all. Otherwise there would be no legal difference between using a battering ram to break into someone's house and then claiming it was research for materials testing. It also comes down to privacy and property rights.

Case law is well settled in the physical door locks space which also applies pretty well to the digital space with a good balance between research and not breaking into others property. It's perfectly legal to crack your own NTLM hashes, and those of which you have permission to. Imagine someone going around with a saw sawing up doors and then claiming it was their right because the doors weren't properly secured and made of 12 inches of reinforced steel.

[bubblethink]

My point is that analogies from the real world do not extend very well to digital things, and you can end up with some extremely broad laws that are misused. We already have problems like DMCA because of that. Ultimately, it's very difficult to have consistent laws around encryption.

[belltaco]

Sure, and that's why intent is important. I fully understand encryption being fully legal, but I don't seen any benefit to legally being able to crack/decrypt other's information without their permission and knowledge, against their will.

This has zero implications on crypto-research because it's always legal to try your cracking on your own encrypted data, or on others' data with their permission, like public challenges. What good will it do to extend it to everyone encrypted data?

There are also privacy and property rights issues at hand. Should you be able to crack someone's private key and impersonate them without legal issues?

Reducing something to its basics and then claiming it should be legal by ignoring the real world consequences like the GP was doing is disingenuous.

[bubblethink]

> benefit to legally being able to crack/decrypt other's information without their permission and knowledge

>privacy and property rights

This is precisely the issue with DMCA. It is illegal in the US to decrypt a DVD/blu-ray etc (for reference, see why fedora cannot play dvds). So what should have been a reactive law against piracy is now a proactive prohibition codified in law. That's why, laws around encryption should decide on the actions after the fact. You can then use existing law on the actions and encryption is out of the picture. In this case, the actions would be protected by free speech and other protections afforded to journalists.

[roguecoder]

You can’t break and enter and then claim that it was legal because all you did was read documents you used to write a New York Times article.

Indeed, actual journalists have ethics departments that help ensure they don’t step over the line from accepting information gained illegally into encouraging people to commit illegal acts to get them information, and if they commit illegal acts to get information that is always a crime. It’s not even a grey area here.

[bubblethink]

"Breaking and entering" is a well defined thing in the real world. It does not extend well to digital stuff, and if you go down that road, you end up with the failure to decrypt DVDs. There is no digital property per se. It's just a proxy for other things. So decouple the two. There is no breaking and entering in the digital world. There are just actions you take after the fact, and you can rule on the actions.

[mike00632]

If you use someone else's credentials to log in as them then you are breaking the law, even if you didn't have to crack the password. I feel like this is very clearly defined. It's just like if you steal someone's purse because they set it down without securing it. It doesn't matter how easy it was or if you consider your act "art", it's still clearly breaking the law and easy to understand why it's illegal.