---------- Forwarded message ---------- Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT) From: Declan McCullagh <declan@well.com> To: fight-censorship@vorlon.mit.edu Subject: White House crypto proposal -- too little, too late I just got back from the White House, where Gore's office held a roundtable plugging the administration's long-awaited and already widely-derided Return of Clipper proposal. Gore announced that jurisdiction over crypto exports would move to the Commerce Dept; that the export embargo on 56-bit DES would be lifted in part for two years only; that to be approved for export firms must submit a detailed proposal describing how they will move towards key escrow; that the new regulations would go into effect on January 1. The true problem with this plan is that 56-bit DES is woefully inadequate. But much of the media coverage I've read of the plan doesn't even mention that. Take Elizabeth Corcoran's article, which ran above the fold on the front page in today's Washington Post. (It's what almost certainly prompted Gore's office to move the announcement to today rather than hold it later this week.) The thrust of the article is that the administration's new proposal balances the needs of privacy, business, and law enforcement. But it doesn't. The Feds, foreign governments, and determined attackers can crack anything encrypted with 56-bit DES -- the strongest crypto that can be exported under the plan. This vital fact appears nowhere in the Post article. That's why Bruce Schneier, author of Applied Cryptography, recommends against using DES in favor of a more secure algorithm. According to Schneier: "A brute-force DES-cracking machine [designed by Michael Wiener] that can find a key in an average of 3.5 hours cost only $1 million in 1993." More recently, in January 1996 an ad hoc group of renowned cryptographers including Matt Blaze, Whitfield Diffie, Ronald Rivest and Schneier, released a report going even further. They said: "To provide adequate protection against the most serious threats - well-funded commercial enterprises or government intelligence agencies - keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years in the face of expected advances in computing power, keys in newly-deployed systems should be at least 90 bits long." What's even more disturbing is what the administration might do next. After the roundtable broke up, I chatted with Michael Vadis, one of the assistant deputy attorneys general who oversees national security issues. He said an international consensus is forming that terrorists can use crypto; therefore crypto must be controlled. The U.S. is certainly pushing this line at the OECD talks. "But it just takes one country to decide to export strong crypto," I said. "You're missing something," said Vadis. "What?" I asked. "Unless you're talking about import restrictions." "Exactly," he said. -Declan ******* Some background: Linkname: Brock Meeks on White House plan -- 6 Sep 96 Filename: http://www.muckraker.com/muckraker/96/36/index4a.html ******** http://www.washingtonpost.com/wp-srv/WPlate/1996-10/01/041L-100196-idx.html U.S. TO EASE ENCRYPTION RESTRICTIONS Privacy Advocates Wary of Proposal For Software Exports By Elizabeth Corcoran Washington Post Staff Writer Tuesday, October 1 1996; Page A01 The Washington Post The Clinton administration is cutting off an emotional four-year-old debate with the computer industry over the export of information-scrambling technology with a plan that it says will help U.S. companies boost sales overseas and still allow law enforcement agencies to unscramble messages, officials said yesterday. President Clinton has decided to sign an executive order that changes the rules restricting the overseas sale of the technology, the officials said. Although the full details of the plan had yet to be revealed, privacy advocates and some industry executives contended that it would be difficult to put into practice. Under current rules, companies can sell only relatively easy-to-crack scrambling technology. Under the plan, they would get permission to export somewhat more sophisticated versions of the software and hardware, which prevents eavesdroppers from looking at information. The issue has caused enormous friction between the government and computer industry and privacy groups, which contend that keeping any restrictions in place will harm the protection of personal information everywhere and slow the development of on-line commerce, which relies on keeping credit card numbers and other sensitive information secure. The administration counters that it has come a long way in meeting such objections. However, last night some companies and privacy advocates were still worried that the constraints will leave U.S. companies at a disadvantage abroad and will not ensure that individuals will be able to protect their communications. The government's plan preserves what has been its unnegotiable cornerstone since the debate began in the early day of the Clinton administration -- that law enforcement officials must have the means for peeking at encrypted information when they are properly equipped with court authorization. Earlier versions of the plan tightly limited what kinds of technology could be sold abroad. They also called for makers of encryption technology to deposit "keys" with approved third parties so that law enforcement authorities could decode material. The new plan doesn't specify who would have the keys. Last night, several companies, led by International Business Machines Corp., said they have a technical plan that they believe could comply with the new rules on keys. [...] Industry officials say they ultimately want to be able to use the most sophisticated encryption technology available. "It's really critical to doing business around the world," said an IBM source. "But governments exist. It's a balancing act . . . to satisfy the needs of the governments and make sure that markets and individuals trust the integrity of what's being sent over the networks." [...]