Skip to main content
EFFecting Change Livestream August 28

EFFector - Volume 6, Issue 1 - Clipper Escrow Agents Chosen

EFFECTOR

EFFector - Volume 6, Issue 1 - Clipper Escrow Agents Chosen

******************************************************************
           //////////////     //////////////     //////////////
         ///                ///                ///
       ///////            ///////            ///////
     ///                ///                ///
   //////////////     ///                ///
******************************************************************
EFFector Online Volume 6 No. 1       9/17/1993       editors@eff.org
A Publication of the Electronic Frontier Foundation   ISSN 1062-9424
1098 lines
                  -==--==--==-<>-==--==--==- 
                        In This Issue:
                 Clipper Escrow Agents Chosen
                 Barlow's "A Plain Text on Crypto Policy"
                 Crypto Conference in Austin
                 Virginians Against Censorship
                   -==--==--==-<>-==--==--==- 


****************************
Clipper Escrow Agents Chosen
****************************

         In the next several days, the Administration will announce it has
chosen at least one escrow agency and has developed procedures for
accessing escrow keys pursuant to warrant.  Here is an account of an
Administration hill staff briefing on September 16, 1993, and the draft
procedures for law enforcement, foreign intelligence, and state and local
law enforcement wiretapping. We are looking for comments and analysis.
Please circulate widely. 

Jerry Berman, EFF.

  ==================                                                      

RE:     Clipper Escrow Agent Briefing for Congressional Staff

        Yesterday, September 15, 1993, a briefing was held for
congressional  staff regarding the status of the Clipper project.  The lead
briefers for the Administration were Mark Richard, Deputy Assistant
Attorney General, Criminal Division, DOJ; Jim Kallstrom, FBI; Geoff
Greiveldinger, Special Counsel, Narcotic and Dangerous Drug Section, DOJ;
and John Podesta.  Also present were Mary Lawton, Counsel for Intelligence
Policy and Review, DOJ; Mike Waguespack, NSC; and Dwight Price, National
District Attorneys Association.

        The Administration has tentatively settled on NIST and a yet to be
determined non-law enforcement component of the Department of the 
Treasury as the "escrow agents."  The Administration will finalize the choices 
in the next few days, according to John Podesta.  The Attorney General will
make an announcement, in what form has not been determined, but it will
probably not be a Federal Register notice.  The Attorney General will
announce that she has adopted, and the escrows have agreed to follow, the
attached procedures.

        The system will work as follows:

(1)   A black box (actually a PC) in the possession of a law enforcement
agency will be able to read the Law Enforcement Access Field in a Clipper
encrypted data stream and extract the identification number specific to the
Clipper chip being used by the intercept target.  Cost of the black box yet
undetermined.  How many will be purchased by law enforcement yet
undetermined, although if use of Clipper becomes common, the black boxes
will be in great demand, by federal as well as state and local agencies. 
They will be available only to law enforcement, with yet to be specified
controls on their sale.  Each black box will have a unique identifier.

(2)   The law enforcement agency will fax the device ID  number to
each of the escrow agents, along with a certification that the agency has
authority to conduct the intercept, the ID number of the intercepting
agency's black box, and the time period for which the intercept is
authorized (in the case of Title III's, up to thirty days, with
extensions).

(3)   The escrow agents will transmit the key components by encrypted
link directly into the black box of the requesting law enforcement agency. 
The key components will only work with that particular black box, and will
only work for the stated duration of the intercept.  If the intercept is
extended, the law enforcement agency will have to send a new request to 
the escrow agents to extend the life of the key components.        The escrow
agents will maintain logs of the requests. Greiveldinger stressed that the
system is "replete with recordation of the transactions that will occur." 
The escrow agents also have a responsibility for maintaining the integrity
of the chip manufacturing process.

        In opening remarks describing the need for the Clipper escrow
system, Kallstrom had stressed that the AT&T product posed a unique threat
in terms of voice quality, affordability, portability and strength of the
encryption.  The Administration rejects the argument that voice encryption
is readily available. The AT&T product, which isn't available yet, is
unique, and competing products, the Administration argues, are yet further
in the future.

        The next voice encryption product in the pipeline is Motorola's,
and Motorola has expressed interest in using Clipper in its product.  The
Administration argued that the need for compatibility would drive a
significant share of the market to Clipper or Capstone-based products. 
Escrow coverage will not be complete, but the bad guys are careless and are
expected to use Clipper products.

        The key criterion used in selecting the escrow agents was whether
the agency had experience in and an infrastructure for handling sensitive
information.  The Administration did not want to use a law enforcement or
national security component, for credibility reasons.  It did not want to
use private entities based on concerns about longevity and not wanting
security to be governed by the need to make a profit.         The briefers
admitted that the proposed system is not really an escrow.  The agencies
holding the key components will not have any duties or responsibilities to
the Clipper users.  The escrows' obligation will be to the government, and
they will be liable to Clipper users only under the Bivens doctrine, where
any failure must be shown to be wilful.

        Both John Podesta and Mark Richard stated that there is no plan on
or over the horizon to outlaw non-escrowed encryption.

        John and Mark said that the international aspects of the
escrow/encryption issue are the thorniest to deal with, and there are no
answers yet.  Clipper products would be exportable with a license, although
other countries may try to keep them out. (Nobody asked questions about
changes in the rules governing export of non-Clipper encryption.)  Other
nations would not participate in the escrow system, nor, presumably, would
they be allowed to buy the black boxes. E.G., if the British intercepted an
IRA communication that appeared to be encrypted with Clipper, and came to
the FBI for help, the anticipated escrow system would not allow the FBI to
get the key from the escrow agents.             

==================PROPOSED PROCEDURES

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY 
COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO TITLE III

 The following are the procedures for the release of escrowed key
components in conjunction with lawfully authorized interception of
communications encrypted with a key-escrow encryption method. These
procedures cover all electronic surveillance conducted pursuant to Title
III of the omnibus Crime Control and Safe Streets Act of 1968, as amended
(Title III), Title 18, United States Code, Section 2510 et seq.

1)      In each case there shall be a legal authorization for the
interception of wire and/or electronic communications.

2)      All electronic surveillance court orders under Title III shall
contain provisions authorizing after-the-fact minimization, pursuant to 18
U.S.C. 2518(5), permitting the interception and retention of coded
communications, including encrypted communications.

3)      In the event that federal law enforcement agents discover during
the course of any lawfully authorized interception that communications
encrypted with a key escrow encryption method are being utilized, they may
obtain a certification from the investigative agency conducting the
investigation, or the Attorney General of the United States or designee
thereof. Such certification shall

(a) identify the law enforcement agency or other authority conducting the
interception and the person providing the certification; (b) certify that
necessary legal authorization has been obtained to conduct electronic
surveillance regarding these communications; (c) specify the termination
date of the period for which interception has been authorized; (d) identify
by docket number or other suitable method of specification the source of
the authorization; (e) certify that communications covered by that
authorization are being encrypted with a key-escrow encryption method; (f)
specify the identifier (ID) number of the key escrow encryption chip
providing such encryption; and(g) specify the serial (ID) number of the
key-escrow decryption device that will be used by the law enforcement
agency or other authority for decryption of the intercepted communications.

4)      The agency conducting the interception shall submit this
certification to each of the designated key component escrow agents. If the
certification has been provided by an investigative agency, as soon
thereafter as practicable, an attorney associated with the United States
Attorney's Office supervising the investigation shall provide each of the
key component escrow agents with written confirmation of the certification.

5)      Upon receiving the certification from the requesting investigative
agency, each key component escrow agent shall release the necessary key
component to the requesting agency. The key components shall be provided 
in a manner that assures they cannot be used other than in conjunction with
the lawfully authorized electronic surveillance for which they were
requested.

6)      Each of the key component escrow agents shall retain a copy of the
certification of the requesting agency, as well as the subsequent
confirmation of the United States Attorney's office. In addition, the
requesting agency shall retain a copy of the certification and provide
copies to the following:

(a) the United States Attorney's office supervising the investigation, and
(b) the Department of Justice, Office of Enforcement operations .

7) Upon, or prior to, completion of the electronic surveillance phase of
the investigation, the ability of the requesting agency to decrypt
intercepted communications shall terminate, and the requesting agency may
not retain the key components.

These procedures do not create, and are not intended to create, any
substantive rights for individuals intercepted through electronic
surveillance, and noncompliance with these procedures shall not provide the
basis for any motion to suppress or other objection to the introduction of
electronic surveillance evidence lawfully acquired.

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY 
COMPONENTS IN CONJUNCTION WITH INTERCEPTS PURSUANT TO FISA

The following are the procedures for the release of escrowed key 
components in conjunction with lawfully authorized interception of 
communications encrypted with a key-escrow encryption method. These 
procedures cover all electronic surveillance conducted pursuant to the 
Foreign Intelligence Surveillance Act (FISA), Pub. L. 9S-511, which appears 
at Title 50, U.S. Code, Section 1801 et seq.

1)      In each case there shall be a legal authorization for the
interception of wire and/or electronic communications.

2)      In the event that federal authorities discover during the course of
any lawfully authorized interception that communications encrypted with a
key-escrow encryption method are being utilized, they may obtain a
certification from an agency authorized to participate in the conduct of
the interception, or from the Attorney General of the United States or
designee thereof. Such certification shall

(a) identify the agency participating in the conduct of the interception
and the person providing the certification; (b) certify that necessary
legal authorization has been obtained to conduct electronic surveillance
regarding these communications; (c) specify the termination date of the
period for which interception has been authorized; (d) identify by docket
number or other suitable method of specification the source of the
authorization; (e) certify that communications covered by that
authorization are being encrypted with a key-escrow encryption method; (f)
specify the identifier (ID) number of the key escrow encryption chip
providing such encryption; and(g) specify the serial (ID) number of the
key-escrow decryption device that will be used by the agency participating
in the conduct of the interception for decryption of the intercepted
communications.

4)      This certification shall be submitted to each of the designated key
component escrow agents. If the certification has been provided by an
agency authorized to participate in the conduct of the interception, as
soon thereafter as practicable, an attorney associated with the Department
of Justice, office of Intelligence Policy and Review, shall provide each of
the key component escrow agents with written confirmation of the
certification.

5)      Upon receiving the certification, each key component escrow agent
shall release the necessary key component to the agency participating in
the conduct of the interception. The key components shall be provided in a
manner that assures they cannot be used other than in conjunction with the
lawfully authorized electronic surveillance for which they were requested.

6)      Each of the key component escrow agents shall retain a copy of the
certification, as well as the subsequent written confirmation of the
Department of Justice, Office of Intelligence Policy and Review.

7)      Upon, or prior to, completion of the electronic surveillance phase
of the investigation, the ability of the agency participating in the
conduct of the interception to decrypt intercepted communications shall
terminate, and such agency may not retain the key components.

These procedures do not create, and are not intended to create, any
substantive rights for individuals intercepted through electronic
surveillance, and noncompliance with these procedures shall not provide the
basis for any motion to suppress or other objection to the introduction of
electronic surveillance evidence lawfully acquired.

AUTHORIZATION PROCEDURES FOR RELEASE OF ENCRYPTION KEY 
COMPONENTS IN CONJUCTION WITH INTERCEPTS PURSUANT TO STATE 
STATUTES

Key component escrow agents may only release escrowed key components to 
law enforcement or prosecutorial authorities for use in conjunction with
lawfully authorized interception of communications encrypted with a key
escrow encryption method. These procedures apply to the release of key
components to State and local law enforcement or prosecutorial authorities
for use in conjunction with interceptions conducted pursuant to relevant
State statutes authorizing electronic surveillance, and Title III of the
omnibus Crime Control and Safe Streets Act of 1968, as amended, Title 18,
United States Code, Section 2510 et seq.

1)      The State or local law enforcement or prosecutorial authority must
be conducting an interception of wire and/or electronic communications
pursuant to lawful authorization.

2)      Requests for release of escrowed key components must be submitted
to the key component escrow agents by the principal prosecuting attorney of
the State, or of a political subdivision thereof, responsible for the
lawfully authorized electronic surveillance.

3)      The principal prosecuting attorney of such State or political
subdivision of such State shall submit with the request for escrowed key
components a certification that shall

(a) identify the law enforcement agency or other authority conducting the
interception and the prosecuting attorney responsible therefore; (b)
certify that necessary legal authorization for interception has been
obtained to conduct electronic surveillance regarding these communications;
(c) specify the termination date of the period for which interception has
been authorized (d) identify by docket number or other suitable method of
specification the source of the authorization; (e) certify that
communications covered by that authorization are being encrypted with a
key-escrow encryption method; (f) specify the identifier (ID) number of the
key escrow chip providing such encryption; and (g) specify the serial (ID)
number of the key-escrow decryption device that will be used by the law
enforcement agency or other authority for decryption the intercepted
communications.

4)      Such certification must be submitted by the principal prosecuting
attorney of that State or political subdivision to each of the designated
key component escrow agents.

5)      Upon receiving the certification from the principal prosecuting
attorney of the State or political subdivision, each key component escrow
agent shall release the necessary key component to the intercepting State
or local law enforcement agency or other authority. The key components
shall be provided in a manner that assures they cannot be used other than
in conjunction with the lawfully authorized electronic surveillance for
which they were requested.

6)      Each of the key component escrow agents shall retain a copy of the
certification of the principal prosecuting attorney of the State or
political subdivision. In addition, such prosecuting attorney shall provide
a copy of the certification to the Department of Justice.

7)      The U.S. Department of Justice may, to assure conformance with
these procedures, make inquiry of the certifying prosecuting attorney
regarding, inter alia, the genuineness of the certification and
confirmation of the existence of lawful authorization to conduct the
relevant electronic surveillance. The inquiry of the U.S. Department of
Justice will not involve intrusion into matters that must, under relevant
statute, be kept from public disclosure.

8) Upon, or prior to, completion of the electronic surveillance phase of
the investigation, the ability of the intercepting law enforcement agency
or other authority to decrypt intercepted communications shall terminate,
and the intercepting law enforcement agency or other authority may not
retain the key components.

These procedures do not create, and are not intended to create, any
substantive rights for individuals intercepted through electronic
surveillance, and noncompliance with these procedures shall not provide the
basis for any motion to suppress or other objection to the introduction of
electronic surveillance evidence lawfully acquired.

*****************************
A Plain Text on Crypto Policy
*****************************
For the October, 1993  Electronic Frontier column
in Communications of the ACM
by
John Perry Barlow

The field of cryptography, for centuries accustomed to hermetic isolation
within a culture as obscure as its own puzzles, is going public. People who
thought algorithms were maybe something you needed to dig rap music are
suddenly taking an active interest in the black arts of crypto.

We have the FBI and NSA to thank for this. The FBI was first to arouse
public concerns about the future of digital privacy with its  injection of
language year before last into a major Senate anti-crime bill (SB 266)
which would have registered the congressional intent that all providers of
digitized communications should provide law enforcement with analog access
to voice and data transmissions of their subscribers. 

When this was quietly yanked in committee, they returned with a proposed
bill called Digital Telephony. If passed, it would have essentially called
a halt to most American progress in telecommunications until they could be
assured of their continued ability to wiretap. Strange but true.

They were never able to find anyone in Congress technologically backward
enough to introduce this oddity for them, but they did elevate public
awareness of the issues considerably.  

The National Security Agency, for all its (unknown but huge) budget, staff,
and MIPS, has about as much real world political experience as the Order of
Trappists and has demonstrated in its management of cryptology export
policies the maddening counter-productivity that is the usual companion of
inexperience. 

The joint bunglings of these two agencies were starting to infuriate a lot
of people and institutions who are rarely troubled by Large Governmental
Foolishness in the Service of Paranoia. Along with all the usual paranoids,
of course. 

Then from the NSA's caverns in Fort Meade, Maryland there slouched a chip
called Clipper. 

For those of you who just tuned in (or who tuned out early), the Clipper
Chip...now called Skipjack owing to a trademark conflict...is a hardware
encryption device that NSA designed under Reagan-Bush. In April it was
unveiled by the Clinton Administration and proposed for both governmental
and public use. Installed in phones or other telecommunications tools, it
would turn any conversation into gibberish for all but the speaker and his
intended listener, using a secret military algorithm. 

Clipper/Skipjack is unique, and controversial, in that it also allows the
agents of government to listen under certain circumstances. Each chip
contains a key that is split into two parts immediately following
manufacture. Each half is then placed in the custody of some trusted
institution or "escrow agent." 

If, at some subsequent time, some government agency desires to legally
listen in on the owner of the communications device in which the chip has
been placed, it would present evidence of "lawful authority" to the escrow
holders. They will reveal the key pairs, the agency will join them, and
begin listening to the subject's unencrypted conversations.  

(Apparently there are other agencies besides law enforcement who can
legally listen to electronic communications.  The government has evaded
questions about exactly who will have access to these keys, or for that
matter, what, besides an judicial warrant, constitutes the "lawful
authority" to which they continually refer.)  

Clipper/Skipjack was not well received. The blizzard of anguished ASCII it
summoned forth on the Net has been so endlessly voluble and so painstaking
in its "How-many-Cray-Years-can-dance-on-the-head-of-a-Clipper-Chip"
technical detail that I would guess all but the real cypherpunks are by now
data-shocked into listlessness and confusion. 

Indeed, I suspect that even many readers of this publication...a group with
prodigious capacity for assimilating the arid and obscure...are starting to
long for the days when their knowledge of cryptography and the public
policies surrounding it was limited enough to be coherent. 

So I almost hesitate to bring the subject up. Yet somewhere amid this
racket, decisions are being made that will profoundly affect your future
ability to communicate without fear. Those who would sacrifice your liberty
for their illusions of public safety are being afforded some refuge by the
very din of opposition. 

In the hope of restoring both light and heat to the debate, I'm going to
summarize previous episodes, state a few conclusions I've drawn about the
current techno-political terrain, and recommend positions you might
When I first heard about Clipper/Skipjack, I thought it might not be such a
bad idea. This false conclusion was partly due to the reality distorting
character of the location...I was about fifty feet away from the Oval
Office at the time...but it also seemed like one plausible approach to what
may be the bright future of crime in the Virtual Age. 

I mean, I can see what the Guardian Class is worried about. The greater
part of business is already being transacted in Cyberspace. Most of the
money is there. At the moment, however, most of the monetary bits in there
are being accounted for. Accounting is digital, but cash is not. 

It is imaginable that, with the widespread use of digital cash and
encrypted monetary exchange on the Global Net, economies the size of
America's could appear as nothing but oceans of alphabet soup. Money
laundering would no longer be necessary. The payment of taxes might 
become more or less voluntary. A lot of weird things would happen after 
that...

I'm pretty comfortable with chaos, but this is not a future I greet without
reservation. 

So, while I'm not entirely persuaded that we need to give up our future
privacy to protect ourselves from drug dealers, terrorists, child
molesters, and un-named military opponents (the Four Horsemen of Fear
customarily invoked by our protectors), I can imagine bogeymen whose
traffic I'd want visible to authority. 

Trouble is, the more one learns about Clipper/Skipjack, the less persuaded
he is that it would do much to bring many actual Bad Guys under scrutiny. 

As proposed, it would be a voluntary standard, spread mainly by the market
forces that would arise after the government bought a few tons of these
chips for their own "sensitive but unclassified" communications systems. No
one would be driven to use it by anything but convenience. In fact, no one
with any brains would use it if he were trying to get away with anything. 

In fact, the man who claims to have designed Clipper's basic specs, Acting
NIST Director Ray Kammer, recently said,  "It's obvious that anyone who
uses Clipper for the conduct of organized crime is dumb." No kidding. At
least so long as it's voluntary. 

Under sober review, there mounted an incredibly long list of reasons to
think Clipper/Skipjack might not be a fully-baked idea. In May, after a
month of study, the Digital Privacy and Security Working Group, a coalition
of some 40 companies and organizations chaired by the Electronic Frontier
Foundation (EFF), sent the White House 118 extremely tough questions
regarding Clipper, any five of which should have been sufficient to put the
kibosh on it.  

The members of this group were not a bunch of hysterics. It includes DEC,
Hewlett-Packard, IBM, Sun, MCI, Microsoft, Apple, and AT&T (which was 
also, interestingly enough, the first company to commit to putting
Clipper/Skipjack in its own products). 

Among the more troubling of their questions: 

o       Who would the escrow agents be?

o       What are Clipper's likely economic impacts, especially in regard to
export of American digital products? 

o       Why is its encryption algorithm secret and why should the public
have confidence in a government-derived algorithm that can't be privately
tested? 

o       Why is Clipper/Skipjack being ram-rodded into adoption as a
government standard before completion of an over-all review of U.S.
policies on cryptography? 

o       Why are the NSA, FBI, and NIST stone-walling Freedom of Information
inquiries about Clipper/Skipjack? (In fact, NSA's response has been,
essentially, "So? Sue us.")

o       Assuming Clipper/Skipjack becomes a standard, what happens if the
escrow depositories are compromised? 

o       Wouldn't these depositories also become targets of opportunity for
any criminal or terrorist organization that wanted to disrupt US. law
enforcement? 

o       Since the chip transmits its serial number at the beginning of each
connection, why wouldn't it render its owner's activities highly visible
through traffic analysis (for which government needs no warrant)?

o       Why would a foreign customer buy a device that exposed his
conversations to examination by the government of the United States? 

o       Does the deployment and use of the chip possibly violate the 1st,
4th, and 5th Amendments to the U.S. Constitution? 

o       In its discussions of Clipper/Skipjack, the government often uses
the phrase "lawfully authorized electronic surveillance." What, exactly, do
they mean by this?

o       Is it appropriate to insert classified technology into either the
public communications network or into the general suite of public
technology standards?

And so on and so forth. As I say, it was a very long list.  On July 29,
John D. Podesta, Assistant to the President and White House Staff Secretary
(and, interestingly enough, a former legal consultant to EFF and Co-Chair
of the Digital Privacy Working Group), responded to these questions. He
actually answered few of them. 

Still un-named, undescribed, and increasingly unimaginable were the escrow
agents. Questions about the inviolability of the depositories were met with
something like, "Don't worry, they'll be secure. Trust us."

There seemed a lot of that in Podesta's responses. While the government had
convened a panel of learned cryptologists to examine the classified
Skipjack algorithm, it had failed to inspire much confidence among the
crypto establishment, most of whom were still disinclined to trust anything
they couldn't whack at themselves. At the least, most people felt a proper
examination would take longer than the month or so the panel got. After
all, it took fifteen years to find a hairline fissure in DES .   

But neither Podesta nor any other official explained why it had seemed
necessary to use a classified military algorithm for civilian purposes. Nor
were the potential economic impacts addressed. Nor were the concerns about
traffic analysis laid to rest. 

But as Thomas Pynchon once wrote, "If they can get you asking the wrong
questions, they don't have to worry about the answers." Neither asked nor
answered in all of this was the one question that kept coming back to me:
Was this trip really necessary? 

For all the debate over the details, few on either side seemed to be
approaching the matter from first principles. Were the enshrined
threats...drug dealers, terrorists, child molesters, and foreign
enemies...sufficiently and presently imperiling to justify fundamentally
compromising all future transmitted privacy? 

I mean...speaking personally now...it seems to me that America's greatest
health risks derive from the drugs that are legal, a position the
statistics overwhelmingly support. And then there's terrorism, to which we
lost a total of two Americans in 1992, even with the World Trade Center
bombing, only 6 in 1993. I honestly can't imagine an organized ring of
child molesters, but I suppose one or two might be out there. And the last
time we got into a shooting match with another nation, we beat them by a
kill ratio of about 2300 to 1. 

Even if these are real threats, was enhanced wire-tap the best way to
combat them? Apparently, it hasn't been in the past. Over the last ten
years the average total  nation-wide number of admissible state and federal
wire-taps has numbered less than 800. Wire-tap is not at present a major
enforcement tool, and is far less efficient than the informants, witnesses,
physical evidence, and good old fashioned detective work they usually rely
on. 

(It's worth noting that the World Trade Center bombing case unraveled, not
through wire-taps, but with the discovery of the axle serial number on the
van which held the explosives.)

Despite all these questions, both unasked and unanswered, Clipper continues
(at the time of this writing) to sail briskly toward standardhood, the full
wind of government bearing her along. 

On July 30, NIST issued a request for public comments on its proposal to
establish Clipper/Skipjack as a Federal Information Processing Standard
(FIPS).  All comments are due by September 28, and the government seems
unwilling to delay the process despite the lack of an overall guiding
policy on crypto. Worse, they are putting a hard sell on Clipper/Skipjack
without a clue as to who might be escrow holders upon whose political
acceptability the entire scheme hinges.

Nor have they addressed the central question: why would a criminal use a
key escrow device unless he were either very stupid...in which case he'd be
easily caught anyway...or simply had no choice. 

All this leads me to an uncharacteristically paranoid conclusion:  

The Government May Mandate Key Escrow Encryption and Outlaw Other 
Forms. 

It is increasingly hard for me to imagine any other purpose for the
Clipper/Skipjack operetta if not to prepare the way for the restriction of
all private cryptographic uses to a key escrow system. If I were going to
move the American people into a condition where they might accept
restrictions on their encryption, I would first engineer the wide-spread
deployment of a key escrow system on a voluntary basis, wait for some 
blind sheik to slip a bomb plot around it and then say, "Sorry, folks this ain't
enough, it's got to be universal."

Otherwise, why bother? Even its most ardent proponents admit that no
intelligent criminal would trust his communications to a key escrow device.
On the other hand, if nearly all encrypted traffic were Skipjack-flavored,
any transmission encoded by some other algorithm would stick out like a
licorice Dot. 

In fact, the assumption that Cyberspace will roar one day with Skipjack
babble lies behind the stated reason for the secrecy for the algorithm. In
their Interim Report, the Skipjack review panel puts it this way:

Disclosure of the algorithm would permit the construction of devices that
fail to properly implement the LEAF [or Law Enforcement Access Field],
while still interoperating with legitimate SKIPJACK devices.  Such devices
would provide high quality cryptographic security without preserving the
law enforcement access capability that distinguishes this cryptographic
initiative. 

In other words, they don't want devices or software out there that might
use the Skipjack algorithm without depositing a key with the escrow
holders. (By the way, this claim is open to question. Publishing Skipjack
would not necessarily endow anyone with the ability to build an
interoperable chip.)

Then there was the conversation I had with a highly-placed official of the
National Security Council in which he mused that the French had, after all,
outlawed the private use of cryptography, so it weren't as though it
couldn't be done. (He didn't suggest that we should also emulate France's
policy of conducting espionage on other countries' industries, though
wide-spread international use of Clipper/Skipjack would certainly enhance
our ability to do so.)

Be that as it may, France doesn't have a Bill of Rights to violate, which
it seems to me that restriction of cryptography in America would do on
several counts. 

Mandated encryption standards would fly against the First Amendment, 
which surely protects the manner of our speech as clearly as it protects the
content. Whole languages (most of them patois) have arisen on this planet
for the purpose of making the speaker unintelligible to authority. I know
of no instance where, even in the oppressive colonies where such languages
were formed, that the slave-owners banned their use.

Furthermore, the encryption software itself is written expression, upon
which no ban may be constitutionally imposed. (What, you might ask then,
about the constitutionality of restrictions on algorithm export. I'd say
they're being allowed only because no one ever got around to testing from
that angle.) 

The First Amendment also protects freedom of association. On several
different occasions, most notably NAACP v. Alabama ex rel. Patterson and
Talley vs. California, the courts have ruled that requiring the disclosure
of either an organization's membership or the identity of an individual
could lead to reprisals, thereby suppressing both association and speech. 
Certainly in a place like Cyberspace where everyone is so generally
"visible," no truly private "assembly" can take place without some
technical means of hiding the participants.

It also looks to me as if the forced imposition of a key escrow system
might violate the Fourth and Fifth Amendments. 

The Fourth Amendment prohibits secret searches. Even with a warrant, 
agents of the government must announce themselves before entering and 
may not seize property without informing the owner. Wire-taps inhabit a 
gray-ish area of the law in that they permit the secret "seizure" of an actual
conversation by those actively eavesdropping on it. The law does not permit
the subsequent secret seizure of a record of that conversation. Given the
nature of electronic communications, an encryption key opens not only the
phone line but the filing cabinet.

Finally, the Fifth Amendment protects individuals from being forced to
reveal self-incriminating evidence. While no court has ever ruled on the
matter vis a vis encryption keys, there seems something involuntarily
self-incriminating about being forced to give up your secrets in advance.
Which is, essentially, what mandatory key escrow would require you to do.

For all these protections, I keep thinking it would be nice to have a
constitution like the one just adopted by our largest possible enemy,
Russia. As I understand it, this document explicitly forbids governmental
restrictions on the use of cryptography.

For the moment, we have to take our comfort in the fact that our
government...or at least the parts of it that state their
intentions...avows both publicly and privately that it has no intention to
impose key escrow cryptography as a mandatory standard. It would be, to 
use Podesta's mild word, "imprudent." 

But it's not Podesta or anyone else in the current White House who worries
me. Despite their claims to the contrary, I'm not convinced they like
Clipper any better than I do. In fact, one of them...not Podesta...called
Clipper "our Bay of Pigs," referring to the ill-fated Cuban invasion cooked
up by the CIA under Eisenhower and executed (badly) by a reluctant 
Kennedy Administration. The comparison may not be invidious.

It's the people I can't see who worry me. These are the people who actually
developed Clipper/Skipjack and its classified algorithm, the people who,
through export controls, have kept American cryptography largely to
themselves, the people who are establishing in secret what the public can
or cannot employ to protect its own secrets. They are invisible and silent
to all the citizens they purportedly serve save those who sit the
Congressional intelligence committees. 

In secret, they are making for us what may be the most important choice
that has ever faced American democracy, that is, whether our descendants
will lead their private lives with unprecedented mobility and safety from
coercion, or whether every move they make, geographic, economic, or
amorous, will be visible to anyone who possesses whatever may then
constitute "lawful authority." 


Who Are the Lawful Authorities?

Over a year ago, when I first fell down the rabbit hole into Cryptoland, I
wrote a Communications column called Decrypting the Puzzle Palace. In it, I
advanced what I then thought a slightly paranoid thesis, suggesting that
the NSA-guided embargoes on robust encryption software had been driven 
not by their stated justification (keeping good cryptography out of the
possession of foreign military adversaries) but rather restricting its use
by domestic civilians.

In the course of writing that piece, I spoke to a number of officials,
including former CIA Director Stansfield Turner and former NSA Director
Bobby Ray Inman, who assured me that using a military organization to 
shape domestic policy would be "injudicious" (as Turner put it), but no one 
could think of any law or regulation that might specifically prohibit the NSA
from serving the goals of the Department of Justice.

But since then I've learned a lot about the hazy Post-Reagan/Bush lines
between law enforcement and intelligence. They started redrawing the map 
of authority early in their administration with Executive Order 12333, issued
on December 4, 1981. (Federal Register #: 46 FR 59941)

This sweeping decree defines the duties and limitations of the various
intelligence organizations of the United States and contains the following
language:

1.4  The Intelligence Community.  The agencies within the Intelligence
Community shall...conduct intelligence activities necessary for the...
protection of the national security of the United States, including:  
...   
(c) Collection of information concerning, and the conduct of activities to
protect against, intelligence activities directed against the United
States, international terrorist and international narcotics activities, and
other hostile activities directed against the United States by foreign
powers, organizations, persons, and their agents;  (Italics Added)


Further, in Section 2.6, Assistance to Law Enforcement Authorities,
agencies within the Intelligence Community are 

authorized to...participate in law enforcement activities to investigate or
prevent clandestine intelligence activities by foreign powers, or
international terrorist or narcotics activities.

In other words, the intelligence community was specifically charged with
investigative responsibility for international criminal activities in the
areas of drugs and terrorism. 

Furthermore, within certain fairly loose guidelines, intelligence
organizations are "authorized to collect, retain or disseminate information
concerning United States persons" that may include "incidentally obtained
information that may indicate involvement in activities that may violate
federal, state, local or foreign laws."

Given that the NSA monitors a significant portion of all the electronic
communications between the United States and other countries, the
opportunities for "incidentally obtaining" information that might
incriminate Americans inside America are great. 

Furthermore, over the course of the Reagan/Bush administration, the job of
fighting the War on Some Drugs gradually spread to every element of the
Executive Branch.  

Even the Department of Energy is now involved. At an Intelligence 
Community conference last winter I heard a proud speech from a DOE official 
in which he talked about how some of the bomb-designing supercomputers 
at Los Alamos had been turned to the peaceful purpose of sifting through 
huge piles of openly available data...newspapers, courthouse records, etc....in 
search of patterns that would expose drug users and traffickers. They are 
selling their results to a variety of "lawful authorities," ranging from the
Southern Command of the U.S. Army to the Panamanian Defense Forces to
various County Sheriff's Departments. 

"Fine," you might say, "Drug use is a epidemic that merits any cure." But I
would be surprised if there's anyone who will read this sentence who has
broken no laws whatever. And it's anybody's guess what evidence of other
unlawful activities might be "incidentally obtained" by such a wide net as
DOE is flinging. 

The central focus that drugs and terrorism have assumed within the
intelligence agencies was underscored for me by a recent tour of the
central operations room at the CIA. There, in the nerve center of American
intelligence, were desks for Asia, Europe, North America, Africa and
"Middle East/Terrorism," and "South America/Narcotics." These bogeymen 
are now the size of continents on the governmental map of peril. 

Given this perception of its duties, the NSA's strict opposition to the
export of strong cryptographic engines, hard or soft,  starts to make more
sense. They are not, as I'd feared, so clue-impaired as to think their
embargoes are denying any other nation access to good cryptography.
(According to an internal Department of Defense analysis of crypto policy,
it recently took 3 minutes and 14 seconds to locate a source code version
of DES on the Internet.) 

Nor do they really believe these policies are enhancing national security
in the traditional, military sense of the word, where the U.S. is, in any
case, already absurdly over-matched to any national adversary, as was
proven during the Gulf War.  

It's the enemies they can't bomb who have them worried, and they are
certainly correct in thinking that the communications of drug traffickers
and whatever few terrorists as may actually exist are more open to their
perusal than would be the case in a world where even your grandmother's
phone conversations were encrypted. 

And Clipper or no Clipper, such a world would be closer at hand if
manufacturers hadn't known than any device that embodies good encryption
would not be fit for export. 

But with Clipper/Skipjack, there is a lot that the combined forces of
government will be able to do to monitor all aspects of your behavior
without getting a warrant. Between the monitoring capacities of the NSA,
the great data-sieves of the Department of Energy, and the fact that, in
use, each chip would continually broadcast the whereabouts of its owner,
the government would soon be able to isolate just about every perpetrator
among us. 

I assume you're neither a drug-user nor a terrorist, but are you ready for
this? Is your nose that clean? Can it be prudent to give the government
this kind of corrupting power? 

I don't think so, but this is what will happen if we continue to allow the
secret elements of government to shape domestic policy as though the only
American goals that mattered were stopping terrorism (which seems pretty
well stopped already) and winning the War on Some Drugs (which no 
amount of force will ever completely win). 

Unfortunately, we are not able to discuss priorities with the people who
are setting them, nor do they seem particularly amenable to any form of
authority. In a recent discussion with a White House official, I asked for
his help in getting the NSA to come out of its bunker and engage in direct
and open discussions about crypto embargoes, key escrow, the Skipjack
algorithm, and the other matters of public interest.

"I'll see what we can do," he said. 

"But you guys are the government," I protested. "Surely they'll do as you
tell them."

"I'll see what we can do," he repeated, offering little optimism.  

That was months ago. In the meantime, the NSA has not only remained 
utterly unforthcoming in public discussions of crypto policy, they have 
unlawfully refused to comply with any Freedom of Information Act requests 
for documents in this area. 

It is time for the public to reassert control over their own government. It
is time to demand that public policy be made in public by officials with
names, faces, and personal accountability.

When and if we are able to actually discuss crypto policy with the people
who are setting it, I have a list of objectives that I hope many of you
will share. There are as follows:

1.      There should no law restricting any use of cryptography by private
citizens.

2.      There should be no restriction on the export of cryptographic
algorithms or any other instruments of cryptography.

3.      Secret agencies should not be allowed to drive public policies.

4.      The taxpayer's investment in encryption technology and related
mathematical research should be made available for public and scientific
use.            
5.      The government should encourage the deployment of wide-spread
encryption.

6.      While key escrow systems may have purposes, none should be
implemented that places the keys in the hands of government. 
 
7.      Any encryption standard to be implemented by the government should
developed in an open and public fashion and should not employ a secret
algorithm. 

And last, or perhaps, first...

8.      There should be no broadening of governmental access to private
communications and records unless there is a public consensus that the
risks to safety outweigh the risks to liberty and will be effectively
addressed by these means.    

If you support these principles, or even if you don't, I hope you will
participate in making this a public process. And there are a number of
actions you can take in that regard.

The National Institute of Standards and Technology (NIST) has issued a
request for public comments on its proposal to establish the "Skipjack"
key-escrow system as a Federal Information Processing Standard.  You've 
got until September 28 to tell them what you think of that. Comments on the
NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

If you belong to or work for an organization, you can encourage that
organization to join the Digital Privacy Working Group. To do so they
should contact EFF's Washington office at:

Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC    20001
202/347-5400
Fax 202/393-5509
eff@eff.org

I also encourage individuals interested in these issues to either join EFF,
Computer Professionals for Social Responsibility, or one of the related
local organizations which have sprung up around the country. For the
addresses of a group in your area, contact EFF. 


New York City, New York
Monday, September 6, 1993


***************************
Crypto Conference in Austin
***************************

          EFF / EFF-Austin Cryptography Conference
       September 22, 1993 - Ramada Inn North, Austin
                 9220 N. IH-35 at Rundberg

Introductory Remarks: 1 to 1:30 p.m.
     Steve Jackson - Welcome.
     Bruce Sterling - Keynote Address.
 
Panel #1: 1:45 to 3:00. POLICY.
     Mitch Kapor
     Jerry Berman
     Dave Farber

Panel #2: 3:15 to 4:30. LAW ENFORCEMENT.
     Esther Dyson
     Mike Godwin
     FBI Representative (invited but not confirmed)
     (Possibly others tba)

Panel #3: 4:45 to 6:00. CYPHERPUNKS.
     John Perry Barlow
     Eric Hughes
     John Gilmore
     (Possibly others tba)
     
Dinner Break: 6 to 8 p.m. Everyone is on their own. The hotel
     restaurant will offer a buffet, or you can order from the
     menu, or there is other good dining nearby.

Reception: 8-10 p.m. - cash bar, everyone is invited.


*****************************
Virginians Against Censorship
*****************************

P.O. BOX 64608 - VIRGINIA BEACH, VA  23467           (804) 499-3303

In a revolution as significant as that of the printing press, computers are
changing the way we communicate and store knowledge.  Gutenberg's 
invention led to our Constitutional protection of Freedom of the Press.  Will 
this protection be extended to speech in the form of electrons?

In order to give citizens an opportunity to examine the issues, Virginians
Against Censorship will hold a free informational program, The First
Amendment in Cyberspace, on Thursday, September 30, 1993, at 7:00pm in
meeting room B of the Virginia Beach Central Library, 4100 Virginia Beach
Blvd.

Everyone is invited to hear Shari Steele, Director of Legal Services for
the Electronic Frontier Foundation describe threats to civil liberties in
cyberspace:  seizure of a publishing company's computers because an
employee was suspected of hacking; seizure and erasure of email messages
from and to people who were suspected of nothing at all; arrest and trial
of a teenage electronic magazine publisher because information in an
article had originally been hacked; refusal of the government to permit
development of encryption software that would allow individual citizens to
protect their privacy.  Law enforcement excesses don't mean there's no need
for law on the electronic frontier, but that law must be created and
monitored by informed citizens.

To register for this program, call 804/431-3071 between 9:00am and 
5:00pm.
     For more information, call Carolyn Caywood at 804/460-7518.
                      Internet: ccaywood@wyvern.wyvern.com


=============================================================

     EFFector Online is published biweekly by:

     Electronic Frontier Foundation
     1001 G Street, N.W., Suite 950 East
     Washington, DC  20001  USA
     Phone:  +1 202 347 5400  FAX:  +1 202 393 5509
     Internet Address:  eff@eff.org

     Coordination, production and shipping by Shari Steele,
     Director of Legal Services & Community Outreach (ssteele@eff.org)

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the view of the EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission.

     *This newsletter is printed on 100% recycled electrons.*
=============================================================

MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION

In order to continue the work already begun and to expand our efforts and
activities into other realms of the electronic frontier, we need the
financial support of individuals and organizations.

If you support our goals and our work, you can show that support by
becoming a member now. Members receive our bi-weekly electronic 
newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member.

Your membership/donation is fully tax deductible.

Our memberships are $20.00 per year for students and $40.00 per year for
regular members.  You may, of course, donate more if you wish.

=============================================================
Mail to: 
         Membership Coordinator
         Electronic Frontier Foundation
         1001 G Street, N.W.
         Suite 950 East
         Washington, DC  20001  USA

Membership rates:
            $20.00 (student or low income membership)
            $40.00 (regular membership)


[   ]  I wish to become a member of the EFF.  I enclose: $_______
[   ]  I wish to renew my membership in the EFF.  I enclose: $_______
[   ]  I enclose an additional donation of $_______

Name:

Organization:

Address:

City or Town:

State:            Zip:           Phone: (      )                  (optional)

FAX: (      )                   (optional)

E-mail address:

I enclose a check [  ].
Please charge my membership in the amount of $
to my Mastercard [  ]  Visa [  ]  American Express [  ]

Number:

Expiration date:

Signature: ______________________________________________

Date:

I hereby grant permission to the EFF to share my name with
other nonprofit groups from time to time as it deems
appropriate.                       Initials:______________________

Back to top

JavaScript license information