I've chosen to focus mainly on the 'Key Escrow' issue as it best represents the most visible and well known aspect of the issue:
- Although there is no explicit "right of privacy" enumerated
in the U.S. Constitution, the assumption that an individual
is to be secure in his papers, home, etc., absent a valid
warrant, is central. (There has never been a ruling or law
that persons have to speak in a language that is
understandable by eavesdroppers, wiretappers, etc., nor has
there ever been a rule banning private use of encrption. I
mention this to remind readers of the long history of
crypto freedom.) c.199_ (?) [checked 2008-06-15]
FOCUS: U.S. relaxes export limits on encryption
- September 16, 1998
...The plan will ease controls on 56-bit products, well-below the 128-bit
keys used in cutting-edge products.
Privacy advocates criticized the plan for helping big companies but
leaving ordinary users out in the cold.
"The administration is pursuing a divide-and-conquer strategy," said
Alan Davidson, staff counsel at the Center for Democracy and
Technology in Washington. "Unfortunately, the last person left standing
is the average user, like ordinary people using the Internet or human rights
workers worldwide who rely on encryption."...
In the news:
NSA Frees Secret Crypto Schemes (Skipjack) Wired 6/23/98
...Tuesday's action also closes the
book on a five-year-old federal government effort
to build a secret eavesdropping "backdoor" into
phones and other consumer devices. (sic - I have this bridge...)
[Bruce] Schneier characterized the Skipjack algorithm as
"ugly," "very slow," and "very boring," and added
that it was high-risk, meaning that is is easily
compromised by an enemy and thus not suited for
secret communications.
FBI Eyes Easier In for Wireless - Wired - 7/18/98
John Perry Barlow: Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and
FBI hope will someday be in every phone and computer in America. It scrambles your
communications, making them unintelligible to all but their intended recipients. All, that is, but the
government, which would hold the "key" to your chip. The key would separated into two pieces, held
in escrow, and joined with the appropriate "legal authority."
Computers, Ethics, and Social Responsibility
Projects from Stanford University - Spring Quarter 1995-96
The Clipper Chip
(selected excerpts)
Pro:
3. Right of Citizens to Privacy from the government
The thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail. Nowhere in the Constitution is the right to complete privacy assured to U.S. citizens, just as the right to complete freedom of speech is not granted.
The Clipper Chip is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities. The government would have the same ability to tap phones that it has had for a very long time now. Without any cryptography at all, anybody can tap your phone and listen in to your conversation. The Clipper Chip prevents anybody but court-authorized law-enforcement agents to tap your phone. ...
--------------
Con:
1. The Need for Wiretaps
...The question is, who do you trust, and for most Americans the government isn't high on that list. Creating a government enforced cryptography system will only create more beauracracy, and more drains on taxpayers money. How can one justify creating only one form of encryption and then using taxpayer's money to fund those who may be spying on them?
...Mass capabilities for spying open up new questions as to who is allowed access to private information on others. Before a government mandated chip can be used, there needs to be a readdressment of the entire structure of the law enforcement system.
2. Threat to lawful surveillance
(re: criminal use)...then what difference does the clipper chip make?
Either they won't purchase it, and use what they presently have, or they'll find ways around it. Nothing will stop them from buying their own software and encrypting their message before they send it out through clipper. Thus, they'll have a doubly encrypted message that even if the government sees the first decoding, they won't be able to get past the second. The black market for such programs will be quite
lucrative, and where there's money involved there will definitely be interest.
...The clipper chip relies on a classified algorithm (declassified 6/23/98 - see 'In the news' above), thus it has never been tested by outside sources. Many experts believe that the NSA, who created the chip, might very well have created a way to eavesdrop without having to create the family key, thus circumventing the legal procedure. ...
3. Rights of Citizens
..Favoritism, the American way, will become a standard, giving those already in power just a little more leverage.
Other interesting works at Stanford University
- Excerpts from a law professor's view.
© A. Michael Froomkin, 1996. - Excerpts reprinted with permission.
Send comments to A. Michael
Froomkin
"Although the Clipper chip failed to catch on, the long-term policy of which it is a
part seems to have accomplished at least its objective of playing for time.
"...Not everyone accepts that the government should have the right to acquire the
contents of personal communications and data. Nevertheless, in this article I will
assume without argument that surveillance and information acquisition conducted
pursuant to the rule of law, such as a valid warrant or other lawful government
order, is the legitimate fruit of a legitimate policy choice in a democratic society.
From this perspective--which is surely the perspective of policy makers who have
the duty of executing those laws--legitimate national policy is frustrated when a
wiretap is thwarted because the FBI cannot decode the conversation or a search
warrant is unproductive because the police cannot decrypt the suspect's hard
drive.
"...In February 1996, about two years after the Administration originally promised to
promulgate a personal use exception, it became legal to take strong cryptographic
programs abroad, on a laptop computer for example, for personal use.{39}
"...U.S. law currently imposes no restriction on sending encrypted
messages abroad, regardless of the strength of the encryption. The ITAR prohibit
the export of the means to encrypt messages, not the messages themselves.
"...For example, Netscape browsers were recently found to have
a bug in their random number generators that resulted in predictable patterns in
the numbers used to encrypt communications.{83} No test using an input-output
table could detect this kind of error, but it is no less fatal.
(note: a French student and another
group had also cracked the 40 bit version but there seems little
Netscape can or will do - aj) ...and yet another reported crack of RSA's 40 bit in Jan '97 - then 48 bit bites the dust...
and by June '97 '56 bit' is eaten using massive distributed processing - then on July 17, 1998 The Electronic Frontier Foundation cracked a 56 bit DES key on a single machine.
- this was the Federal Standard for years)
"...Despite these enormous obstacles to commercial viability, the software key
escrow plan was founded on the accurate observation that if businesses began to
encrypt their data with strong ciphers, they would need some means to access
that data in emergencies. Security professionals call this "key management," but
they mean something that is not identical to key escrow. Wise key management
involves ensuring access to copies of keys used in the course of business. For
a corporation encrypting its information, fail-safe access to critical data is
essential. However, not all keys are equal. Access to the keys that safeguard
corporate records might be more important than access to an employee's e- mail,
although one could imagine circumstances, such as litigation, in which access to
e-mail was necessary to reconstruct a transaction. Keys encrypting telephone
conversations might be less important still, although even they might be useful if
the firm imagines that it, or the police, might need to eavesdrop on employees in
the course of an investigation of fraud or theft.
The software key escrow proposal extended to all keys used in communications,
including telephones, but it did not involve the "escrow" of keys used in digital
signatures. Indeed, escrow of digital-signature keys would be a very bad idea. For
one thing, businesses would have little need to ensure emergency access to keys
that give employees the power to do something because a well-designed key
management system allows the appropriate authorities to revoke and create
individuals' authorizations at will. For example, a corporation might issue digitally
signed certificates authorizing the holder of a digital-signature key to sign things in
the corporate name or to transact up to a defined dollar limit. Each
digital-signature key is unique, and identifies the persons involved in the
transaction just as much as it authenticates them as legitimate corporate
representatives. A supplier presented with an employee's digital signature would
ordinarily check to ensure that the certificate backing up that signature was valid
before relying on it. This authentication usually requires a real-time check on the
continuing validity of the corporate certificate. If the employee's authorization
lapsed for any reason, the corporation could easily revoke the certificate, making
continuing authentication of the employee's digital signature impossible. As a
result, a business using certificated digital signatures in its transactions would
never need to forge an employee's digital signature, and would not want to create
this capability for anyone else. The company retains control over delegated
powers without needing to be able to pretend to be the employee.
Worse, "escrow" of a digital-signature key would tend to undermine one of the
most important and useful features of a digital-signature system. So long as the
user keeps control of her key, a message digitally signed by the user's key
demonstrates beyond almost any doubt that the message was actually sent by that
person and that it has not been altered in any way since it was signed. Admitting
any challenge to the uniqueness of the signature would introduce a destructive
element of doubt to this assurance, and would elevate the claim that a digital
signature had been forged from the incredible to the conceivable. To its credit, the
Administration recognized this and sought to exclude digital-signature keys from
its key escrow proposal.
Overall, the software key escrow plan sought to expand users' evident need for
some sort of key archive in two directions that were less obviously in tune with
users' interests. First the plan would have applied to encrypted communications,
such as telephone conversations, as well as to stored data, although it was far
from obvious that many would have chosen to archive keys used for
communication rather than storage. Some companies might reasonably feel that
they benefit from having the ability to eavesdrop on their employees. Some
companies might reasonably conclude that they are better off if the government
can easily investigate employees suspected of misdeeds. For these corporations,
fraud prevention might be more important than employee and corporate privacy.
Other companies might feel differently. Whatever the corporate view, individuals
derive no direct personal benefit from making it possible for the government to
tap their telephones, although society as a whole might gain some benefit from the
increased effectiveness of law enforcement.
...On May 30, 1996, the National Research Council released a prepublication draft
of Cryptography's Role in Securing the Information Society ("CRISIS"),
emphasizing the cost to the United States of not having strong, widely deployed
cryptography in an age of large information-security vulnerabilities that could
affect important civilian applications. The Committee that authored the report was
drawn from leaders in national security, law, foreign relations, communications,
and computer science. The Report is unusually thorough, containing a wealth of
information on cryptography and cryptography policy, and its conclusions are
likely to shape the cryptography debate.
...
On the question of whether the gains to national security from secure
communications and data storage outweigh the losses to law enforcement and
national security, the Report concludes that, "on balance, the advantages of more
widespread use of cryptography outweigh the disadvantages." The Report does
not, however, recommend that the application of the ITAR to cryptography be
discontinued. Instead, it recommends that export controls on cryptography "should
be progressively relaxed but not eliminated," with most export control on
fifty-six-bit DES being removed immediately so long as the products cannot be used
to generate 3-DES.
The decision to draw the line at DES has all the earmarks of a political compromise. ...
--
39. See 61 Fed Reg 6111 (Feb 16, 1996) (personal use exception to ITAR). The
regulations, however, impose surprisingly extensive record keeping requirements
on anyone who takes an encryption program to a foreign country. See id.
83. See John Markoff, Security Flaw is Discovered in Software Used in
Shopping, NY Times A1 (Sept 19, 1995); Netscape, Welcome to Netscape
Navigator Version 2.01, available online at http://
partner.netscape.com/eng/mozilla/2.01/relnotes/unix- 2.01.html#Security
(describing problem with implementation of random number generator and
announcing bugfix)
(quoted with Professor Froomkin's, "That looks ok, but there's a typo...") - Thank you Professor -
I redid it - aj
Note: Professor Froomkin is also listed as being on the Advisory Committee of PrivacyExchange.Org
---
Pro & Con - Cryptologists Ronald Rivest
(the 'R' in RSA) vs. Dorothy
Denning (Georgetown University) on the impact of Clipper
The Indifferent Negroponte
The Whitehouse
The FBI
The Clipper technology
The Capstone (Clipper's little bro.) technology
The E.F.F.'s
co-founder John Perry Barlow's
Decrypting The
Puzzle Palace
Misc.:
Recently found:
The Melissa virus is ten years old
----
Sophos commemorates the tenth anniversary of the Melissa virus outbreak, one of the first email-aware worms which brought businesses to a standstill in 1999. Learn what the virus did, how its author was caught and the impact that the Melissa virus had on future malware authors in this indepth blog posting.
http://www.sophos.com/blogs/gc/g/2009/03/26/memories-melissa-virus
GhostNet: Are the Chinese government really behind it?
----
Canadian researchers, called in by the Dalai Lama to investigate reports of malware on Tibetan government systems, has published a detailed investigation into high profile targets around the world that have been compromised by a spyware network dubbed GhostNet. But is there enough evidence to confidently claim that the Chinese authorities are behind the attacks?
http://www.sophos.com/blogs/gc/g/2009/03/29/ghostnet
"http://www.naw.org/41598-2.html By
Reuters Special to CNET NEWS.COM April 15, 1998
BRISBANE--Concerns about the security of messages transmitted on the Internet are no longer
valid, the founder of the World Wide Web Tim Berners-Lee said..." (it seems that between visits to The National Assoc. of
Webmasters the start of the
article above was dropped)...I think they disagree!
Whitfield
Diffie, co-inventor of public key encryption talks about privacy.
And in the news: Privacy in the Digital Age - The New York Times, July 6, 1998, p. A10.
including a response by FBI Director Louis J. FREEH
and the following in reponse to one authors query: Would any of the members of the NAS CRISIS cryptography study panel know if
keystroke surveillance one of the technologies proposed for the FBI as an
alternative to GAK? ...
at http://jya.com/gaks-de.htm
...In fact, under WIPO it would already be illegal to just
disassemble and debug the relevant part of the OS to check to see if
there was code in there to log and report keystrokes even if it was not
encrypted or otherwise protected. And no doubt at all but that the
rights enforcement software will be encrypted and otherwise protected
just to make sure that anyone tampering with it or even just examining
it for security flaws (such as keystroke recorders) would clearly be
flagrantly violating WIPO in an unambiguous as possible way.
While confined here in the Birmingham City Jail, I came across your recent
statement calling our present activities "unwise and untimely." Seldom, if ever, do I
pause to answer criticism of my work and ideas...But since I feel that you are men
of genuine good will and your criticisms are sincerely set forth, I would like to
answer your statement in what I hope will be patient and reasonable terms. ...- MLK, Jr
For more: HandiLink's crypto directory with a news search on cryptography at the bottom - pretty good.
The Encryption Debate 
