The Encryption Debate

More snoopers!

I've chosen to focus mainly on the 'Key Escrow' issue as it best represents the most visible and well known aspect of the issue:

Government control

Cypherpunk FAQ: "Why is crypto so important?"

2.5 - Crypto
2.5.1. "Why is crypto so important?"
  • + The three elements that are central to our modern view of liberty and privacy (a la Diffie)
    - protecting things against theft
    - proving who we say we are
    - expecting privacy in our conversations and writings
  • - Although there is no explicit "right of privacy" enumerated in the U.S. Constitution, the assumption that an individual is to be secure in his papers, home, etc., absent a valid warrant, is central. (There has never been a ruling or law that persons have to speak in a language that is understandable by eavesdroppers, wiretappers, etc., nor has there ever been a rule banning private use of encrption. I mention this to remind readers of the long history of crypto freedom.) c.199_ (?) [checked 2008-06-15]

    FOCUS: U.S. relaxes export limits on encryption - September 16, 1998

    ...The plan will ease controls on 56-bit products, well-below the 128-bit keys used in cutting-edge products.
    Privacy advocates criticized the plan for helping big companies but leaving ordinary users out in the cold.
    "The administration is pursuing a divide-and-conquer strategy," said Alan Davidson, staff counsel at the Center for Democracy and Technology in Washington. "Unfortunately, the last person left standing is the average user, like ordinary people using the Internet or human rights workers worldwide who rely on encryption."...

    In the news:
    NSA Frees Secret Crypto Schemes (Skipjack) Wired 6/23/98
    ...Tuesday's action also closes the book on a five-year-old federal government effort to build a secret eavesdropping "backdoor" into phones and other consumer devices. (sic - I have this bridge...)

    [Bruce] Schneier characterized the Skipjack algorithm as "ugly," "very slow," and "very boring," and added that it was high-risk, meaning that is is easily compromised by an enemy and thus not suited for secret communications.

    FBI Eyes Easier In for Wireless - Wired - 7/18/98

    John Perry Barlow: Clipper, in case you're just tuning in, is an encryption chip that the National Security Agency and FBI hope will someday be in every phone and computer in America. It scrambles your communications, making them unintelligible to all but their intended recipients. All, that is, but the government, which would hold the "key" to your chip. The key would separated into two pieces, held in escrow, and joined with the appropriate "legal authority."

    Computers, Ethics, and Social Responsibility

    Projects from Stanford University - Spring Quarter 1995-96

    The Clipper Chip

    (selected excerpts)


    3. Right of Citizens to Privacy from the government

    The thought of the FBI wiretapping my communications appeals to me about as much as its searching my home and seizing my papers. But the Constitution does not give us absolute privacy from court-ordered searches and seizures, and for good reason. Lawlessness would prevail. Nowhere in the Constitution is the right to complete privacy assured to U.S. citizens, just as the right to complete freedom of speech is not granted.

    The Clipper Chip is not about increasing government's authority to invade the privacy of its citizens. All that key escrow does is preserve the government's current ability to conduct wiretaps under existing authorities. The government would have the same ability to tap phones that it has had for a very long time now. Without any cryptography at all, anybody can tap your phone and listen in to your conversation. The Clipper Chip prevents anybody but court-authorized law-enforcement agents to tap your phone. ...



    1. The Need for Wiretaps

    ...The question is, who do you trust, and for most Americans the government isn't high on that list. Creating a government enforced cryptography system will only create more beauracracy, and more drains on taxpayers money. How can one justify creating only one form of encryption and then using taxpayer's money to fund those who may be spying on them?

    ...Mass capabilities for spying open up new questions as to who is allowed access to private information on others. Before a government mandated chip can be used, there needs to be a readdressment of the entire structure of the law enforcement system.

    2. Threat to lawful surveillance

    (re: criminal use)...then what difference does the clipper chip make? Either they won't purchase it, and use what they presently have, or they'll find ways around it. Nothing will stop them from buying their own software and encrypting their message before they send it out through clipper. Thus, they'll have a doubly encrypted message that even if the government sees the first decoding, they won't be able to get past the second. The black market for such programs will be quite lucrative, and where there's money involved there will definitely be interest.

    ...The clipper chip relies on a classified algorithm (declassified 6/23/98 - see 'In the news' above), thus it has never been tested by outside sources. Many experts believe that the NSA, who created the chip, might very well have created a way to eavesdrop without having to create the family key, thus circumventing the legal procedure. ...

    3. Rights of Citizens

    ..Favoritism, the American way, will become a standard, giving those already in power just a little more leverage.

    Other interesting works at Stanford University

    It Came From Planet Clipper: The Battle Over Cryptographic Key "Escrow"

    by A. Michael Froomkin

    - Excerpts from a law professor's view.

    A. Michael Froomkin, 1996. - Excerpts reprinted with permission.

    Send comments to A. Michael Froomkin

    "Although the Clipper chip failed to catch on, the long-term policy of which it is a part seems to have accomplished at least its objective of playing for time.

    "...Not everyone accepts that the government should have the right to acquire the contents of personal communications and data. Nevertheless, in this article I will assume without argument that surveillance and information acquisition conducted pursuant to the rule of law, such as a valid warrant or other lawful government order, is the legitimate fruit of a legitimate policy choice in a democratic society. From this perspective--which is surely the perspective of policy makers who have the duty of executing those laws--legitimate national policy is frustrated when a wiretap is thwarted because the FBI cannot decode the conversation or a search warrant is unproductive because the police cannot decrypt the suspect's hard drive.

    "...In February 1996, about two years after the Administration originally promised to promulgate a personal use exception, it became legal to take strong cryptographic programs abroad, on a laptop computer for example, for personal use.{39}

    "...U.S. law currently imposes no restriction on sending encrypted messages abroad, regardless of the strength of the encryption. The ITAR prohibit the export of the means to encrypt messages, not the messages themselves.

    "...For example, Netscape browsers were recently found to have a bug in their random number generators that resulted in predictable patterns in the numbers used to encrypt communications.{83} No test using an input-output table could detect this kind of error, but it is no less fatal.

    (note: a French student and another group had also cracked the 40 bit version but there seems little Netscape can or will do - aj) ...and yet another reported crack of RSA's 40 bit in Jan '97 - then 48 bit bites the dust... and by June '97 '56 bit' is eaten using massive distributed processing - then on July 17, 1998 The Electronic Frontier Foundation cracked a 56 bit DES key on a single machine. - this was the Federal Standard for years)

    "...Despite these enormous obstacles to commercial viability, the software key escrow plan was founded on the accurate observation that if businesses began to encrypt their data with strong ciphers, they would need some means to access that data in emergencies. Security professionals call this "key management," but they mean something that is not identical to key escrow. Wise key management involves ensuring access to copies of keys used in the course of business. For a corporation encrypting its information, fail-safe access to critical data is essential. However, not all keys are equal. Access to the keys that safeguard corporate records might be more important than access to an employee's e- mail, although one could imagine circumstances, such as litigation, in which access to e-mail was necessary to reconstruct a transaction. Keys encrypting telephone conversations might be less important still, although even they might be useful if the firm imagines that it, or the police, might need to eavesdrop on employees in the course of an investigation of fraud or theft.

    The software key escrow proposal extended to all keys used in communications, including telephones, but it did not involve the "escrow" of keys used in digital signatures. Indeed, escrow of digital-signature keys would be a very bad idea. For one thing, businesses would have little need to ensure emergency access to keys that give employees the power to do something because a well-designed key management system allows the appropriate authorities to revoke and create individuals' authorizations at will. For example, a corporation might issue digitally signed certificates authorizing the holder of a digital-signature key to sign things in the corporate name or to transact up to a defined dollar limit. Each digital-signature key is unique, and identifies the persons involved in the transaction just as much as it authenticates them as legitimate corporate representatives. A supplier presented with an employee's digital signature would ordinarily check to ensure that the certificate backing up that signature was valid before relying on it. This authentication usually requires a real-time check on the continuing validity of the corporate certificate. If the employee's authorization lapsed for any reason, the corporation could easily revoke the certificate, making continuing authentication of the employee's digital signature impossible. As a result, a business using certificated digital signatures in its transactions would never need to forge an employee's digital signature, and would not want to create this capability for anyone else. The company retains control over delegated powers without needing to be able to pretend to be the employee.

    Worse, "escrow" of a digital-signature key would tend to undermine one of the most important and useful features of a digital-signature system. So long as the user keeps control of her key, a message digitally signed by the user's key demonstrates beyond almost any doubt that the message was actually sent by that person and that it has not been altered in any way since it was signed. Admitting any challenge to the uniqueness of the signature would introduce a destructive element of doubt to this assurance, and would elevate the claim that a digital signature had been forged from the incredible to the conceivable. To its credit, the Administration recognized this and sought to exclude digital-signature keys from its key escrow proposal.

    Overall, the software key escrow plan sought to expand users' evident need for some sort of key archive in two directions that were less obviously in tune with users' interests. First the plan would have applied to encrypted communications, such as telephone conversations, as well as to stored data, although it was far from obvious that many would have chosen to archive keys used for communication rather than storage. Some companies might reasonably feel that they benefit from having the ability to eavesdrop on their employees. Some companies might reasonably conclude that they are better off if the government can easily investigate employees suspected of misdeeds. For these corporations, fraud prevention might be more important than employee and corporate privacy. Other companies might feel differently. Whatever the corporate view, individuals derive no direct personal benefit from making it possible for the government to tap their telephones, although society as a whole might gain some benefit from the increased effectiveness of law enforcement.

    ...On May 30, 1996, the National Research Council released a prepublication draft of Cryptography's Role in Securing the Information Society ("CRISIS"), emphasizing the cost to the United States of not having strong, widely deployed cryptography in an age of large information-security vulnerabilities that could affect important civilian applications. The Committee that authored the report was drawn from leaders in national security, law, foreign relations, communications, and computer science. The Report is unusually thorough, containing a wealth of information on cryptography and cryptography policy, and its conclusions are likely to shape the cryptography debate.
    On the question of whether the gains to national security from secure communications and data storage outweigh the losses to law enforcement and national security, the Report concludes that, "on balance, the advantages of more widespread use of cryptography outweigh the disadvantages." The Report does not, however, recommend that the application of the ITAR to cryptography be discontinued. Instead, it recommends that export controls on cryptography "should be progressively relaxed but not eliminated," with most export control on fifty-six-bit DES being removed immediately so long as the products cannot be used to generate 3-DES.

    The decision to draw the line at DES has all the earmarks of a political compromise. ...

    39. See 61 Fed Reg 6111 (Feb 16, 1996) (personal use exception to ITAR). The regulations, however, impose surprisingly extensive record keeping requirements on anyone who takes an encryption program to a foreign country. See id.

    83. See John Markoff, Security Flaw is Discovered in Software Used in Shopping, NY Times A1 (Sept 19, 1995); Netscape, Welcome to Netscape Navigator Version 2.01, available online at http:// 2.01.html#Security (describing problem with implementation of random number generator and announcing bugfix)

    (quoted with Professor Froomkin's, "That looks ok, but there's a typo...") - Thank you Professor - I redid it - aj

    Note: Professor Froomkin is also listed as being on the Advisory Committee of PrivacyExchange.Org ---

    Pro and
ConPro & Con - Cryptologists Ronald Rivest (the 'R' in RSA) vs. Dorothy Denning (Georgetown University) on the impact of Clipper

    IndifferntThe Indifferent Negroponte

WhitehouseThe Whitehouse

statement The FBI

technology The Clipper technology

technology The Capstone (Clipper's little bro.) technology

    eff.orgThe E.F.F.'s co-founder John Perry Barlow's

    Decrypting The Puzzle Palace

    Recently found:
    The Melissa virus is ten years old
    Sophos commemorates the tenth anniversary of the Melissa virus outbreak, one of the first email-aware worms which brought businesses to a standstill in 1999. Learn what the virus did, how its author was caught and the impact that the Melissa virus had on future malware authors in this indepth blog posting.

    GhostNet: Are the Chinese government really behind it?
    Canadian researchers, called in by the Dalai Lama to investigate reports of malware on Tibetan government systems, has published a detailed investigation into high profile targets around the world that have been compromised by a spyware network dubbed GhostNet. But is there enough evidence to confidently claim that the Chinese authorities are behind the attacks?

    " By Reuters Special to CNET NEWS.COM April 15, 1998
    BRISBANE--Concerns about the security of messages transmitted on the Internet are no longer valid, the founder of the World Wide Web Tim Berners-Lee said..." (it seems that between visits to The National Assoc. of Webmasters the start of the article above was dropped)...I think they disagree!

    Whitfield Diffie, co-inventor of public key encryption talks about privacy.

    And in the news: Privacy in the Digital Age - The New York Times, July 6, 1998, p. A10.

    including a response by FBI Director Louis J. FREEH

    and the following in reponse to one authors query: Would any of the members of the NAS CRISIS cryptography study panel know if keystroke surveillance one of the technologies proposed for the FBI as an alternative to GAK? ...


  • Date: Mon, 6 Jul 1998 14:42:46 -0400
  • From: Dave Emery
  • To: John Young
  • Cc:
  • Subject: Re: Gov Access to Key Strokes
  • > Could this technology to be covertly placed in all keyboards
  • > for activation say, by remote control, or via a program/device
  • > on the Internet? ...
  • ...In fact, under WIPO it would already be illegal to just disassemble and debug the relevant part of the OS to check to see if there was code in there to log and report keystrokes even if it was not encrypted or otherwise protected. And no doubt at all but that the rights enforcement software will be encrypted and otherwise protected just to make sure that anyone tampering with it or even just examining it for security flaws (such as keystroke recorders) would clearly be flagrantly violating WIPO in an unambiguous as possible way.

    and in another (appended to the above) message:

  • "Relating to something you recently mentioned:

  • There's an article on page 37 of the July 6, 1998 issue of NetworkWorld about a new software product for Windows machines that is basically a trojan horse that allows access to all keystrokes and files on a system from a remote "America's Most Wanted"-type HQ. I can't find the article online at, but you can go the the company's site at to see it. Sale of DIRT is "restricted to military, government, and law enforcement agencies", the article says.

    in part: "DIRT operates surreptitiously as a Trojan Horse. It is transmitted secretly to a target via email in several ways, including as a proprietary protocol, self-extracting executable, dummy segment fault, hidden zip file, or macro. "Once the DIRT bug is successfully embedded in the target machine, two things occur. First, all keystrokes made at the target's keyboard are captured secretly. When the machine is connected online, it will stealthily transmit captured keystrokes to a remotely located DIRT-Control Central for analysis. ...

    ...Prudence, indeed, will dictate that Governments long established should not be changed for light and transient Causes; and accordingly all Experience hath shown that Mankind are more disposed to suffer, while Evils are sufferable than to right themselves by abolishing the Forms to which they are accustomed. ...

    Civil Disobedience:

    While confined here in the Birmingham City Jail, I came across your recent statement calling our present activities "unwise and untimely." Seldom, if ever, do I pause to answer criticism of my work and ideas...But since I feel that you are men of genuine good will and your criticisms are sincerely set forth, I would like to answer your statement in what I hope will be patient and reasonable terms. ...- MLK, Jr

    For more: HandiLink's crypto directory with a news search on cryptography at the bottom - pretty good.

    Next --> Privacy page
    Back <-- Introduction
    Links to resources