The Future of Cryptography Dorothy E. Denning Georgetown University Revised January 6, 1996 [Responses by Duncan Frissell in square brackets] Although May limply asserts that anarchy does not mean lawlessness and social disorder, the absence of government would lead to exactly these states of chaos. [Tim is rarely given to limp assertions. I haven't seen him spend much time arguing about the exact social arrangements of a free society following the crypto revolution. He has merely pointed out the results of the technology.] I do not want to live in an anarchistic society -- if such could be called a society at all -- and I doubt many would. [Whatever happens, there will always be plenty of cults around (perhaps even one called the Government of the United States of America) to which anyone will be free to belong and at the altars of which one will be free to worship. In fact the deregulation of human interaction will make it easier for more oppressive cults to exist than is possible today as long as they keep to themselves. There will be no shortage of people willing to tell their followers what to do. Nothing will stop anyone from joining such a society.] A growing number of people are attracted to the market liberalism envisioned by Jefferson, Hayek, and many others, but not to anarchy. Thus, the crypto anarchists' claims come close to asserting that the technology will take us to an outcome that most of us would not choose. [Still up for negotiation is how liberal a market we will want. The growing power of markets and (traditional) liberal ideas is the result of the growing wealth and power of individuals around the world. Crypto anarchists merely point out that the shape of future market societies is no longer in the hands of "The Authorities" but is rather in the hands of those trading on the market; i.e., everyone on Earth."] This is the claim that I want to address here. I do not accept crypto anarchy as the inevitable outcome. A new paradigm of cryptography, key escrow, is emerging and gaining acceptance in industry. [That is what remains to be seen.] The drawbacks of cryptography are frequently overlooked as well. The widespread availability of unbreakable encryption coupled with anonymous services could lead to a situation where practically all communications are immune from lawful interception (wiretaps) [My thoughts are immune from 'lawful interception' as are everyone else's and yet the world survives. Thought is communication within the brain. Communication is 'thought' between brains. The world which has survived private thoughts can survive private communications. The whole concept of controlling communications is a bit obsolete in any case. In past eras, the only social threat came from large masses of men (hence the desire to intercept and control communications) whereas today any individual can do more damage than a large group in the past.] and documents from lawful search and seizure, and where all electronic transactions are beyond the reach of any government regulation or oversight. The consequences of this to public safety and social and economic stability could be devastating. [See the recent joint study by the Cato Institute, the Fraser Institute, and 9 other think tanks world wide showing that there is a strong positive correlation between nations with free economies and nations with wealth. There seems little doubt that total economic deregulation is a good thing. We shall certainly have the chance to test that hypothesis in coming years. I haven't seen any nation harmed so far by having too free an economy.] With the government essentially locked out, computers and telecommunications systems would become safe havens for criminal activity. Even May himself acknowledges that crypto anarchy provides a means for tax evasion, money laundering, espionage (with digital dead drops), [That is, keeping your own money, transferring funds, and research. Sounds like activities that should not be the concern of others.] contract killings, [These may be easier although *government* killings will be harder since governments may lack the resources to do as much of that sort of thing as they have done before. (From 1917-1989, Communist governments murdered someone every 30 seconds -- a total of some 60 million people.) In addition, those who fear they may be the subject of contract killings can use pseudonyms, locational ambiguity, and untraceable communications to make themselves harder to find and thus to kill.] and implementation of data havens for storing and marketing illegal or controversial material. [Last time I looked, controversial material was legal to possess and transmit. Illegal information will no longer be illegal if its transmission can't be stopped since utterly unenforceable laws tend to go away (see Sodomy).] Encryption also threatens national security by interfering with foreign intelligence operations. The United States, along with many other countries, imposes export controls on encryption technology to lessen this threat. [Of course if the US is weakened by the growth of (really) free markets, its enemies will be as well so foreign threats will automatically diminish.] Cryptography poses a threat to organizations and individuals too. With encryption, an employee of a company can sell proprietary electronic information to a competitor without the need to photocopy and handle physical documents. [This is a threat from digitization, not from encryption.] The keys that unlock a corporation's files may be lost, corrupted, or held hostage for ransom, thus rendering valuable information inaccessible. [Or the computers can not be backed up, can crash, can be blown up, can be flooded, can experience disk failures, etc. This is not a problem unique to encryption. Backups and scattered sites are always necessary. High-speed networks, secure communications, and encryption make it easier to back up your systems at different locations all over the world. They help you avoid data loss, they don't contribute to it. Key splitting and private key escrow can easily protect keys.] When considering the threats posed by cryptography, it is important to recognize that only the use of encryption for confidentiality, including anonymity, presents a problem. [Of course confidentiality is the reason codes were invented in the first place. Additionally, the Supreme court has recognized that anonymity has First Amendment protection. We have already made the social decision that anonymity is OK in many circumstances. I'm sure that all of us engage in many anonymous transactions on a daily basis and yet the world survives.] Crypto anarchy can be viewed as the proliferation of cryptography that provides the benefits of confidentiality protection but does nothing about its harms. It is government-proof encryption which denies access to the government even under a court order or other legal order. [In countries that don't regularly practice torture, we have the power to disobey court orders in any case. Modern technology merely makes it easier and reduces the likelihood of punishment. Court orders are rare in any case. Seems like much ado about nothing.] It has no safeguards to protect users and their organizations from accidents and abuse. [This is the job of those who write software, not philosophers.] The crypto anarchist position is that cyberspace is on a non-stop drift toward crypto anarchy. [I usually argue that the spread of markets is driven more by cheap telecoms and the growth of a very efficient market infrastructure. Cryptography hasn't had much of an impact yet. I think that even without crypto, markets will swamp attempts to regulate them and since people can move as well, they are becoming harder to control even before any crypto revolution.] In addition to the free encryption programs being distributed on the net, encryption is becoming a basic service integrated into commercial applications packages and network products. The IP Security Working Group of the Internet Engineering Task Force has written a document that calls for all compliant IPv6 (Internet Protocol, version 6) implementations to incorporate DES cryptography. [The net belongs to its customers and as owners they will probably decide to secure their property. Sounds enormously democratic to me.] The potential harms of cryptography have already begun to appear. As the result of interviews I conducted in May, 1995, I found numerous cases where investigative agencies had encountered encrypted communications and computer files. These cases involved child pornography, [Possession of a bunch of zeros and ones.] customs violations [free trade] drugs [the retail pharmaceutical trade] espionage [research] embezzlement [finally a crime] murder [Another crime. Can you give us the details of a murder investigation blocked by cryptography? We don't need any names.] obstruction of justice [Refusal to make things easy for prosecutors. A *real* crime. This wasn't Hillary by any chance, was it?] tax protesters [You mean tax evaders, don't you? Far as I know, protesting taxes is a legal activity.] and terrorism. [State-sponsored or private?] At the International Cryptography Institute held in Washington in September, 1995, FBI Director Louis Freeh reported that encryption had been encountered in a terrorism investigation in the Philippines involving an alleged plot to assassinate Pope John Paul II and bomb a U.S. airliner [4]. [But the perp was caught anyway. Is this the same Louis Freeh who thinks that the loss (by him) of a government cellphone is just as bad as the FBI issuing shoot-to-kill orders against American citizens before even trying to arrest them (since he punished both with a letter of reprimand)?] AccessData Corp., a company in Orem, Utah which specializes in providing software and services to help law enforcement agencies and companies recover data that has been locked out through encryption, reports receiving about a dozen and a half calls a day from companies with inaccessible data. [Sounds like poor system design. I'm not sure that advising others how to safely store their business records has anything to do with law enforcement, however.] The idea is to combine strong encryption with an emergency decryption capability. This is accomplished by linking encrypted data to a data recovery key which facilitates decryption. This key need not be (and typically is not) the one used for normal decryption, but it must provide access to that key. The data recovery key is held by a trusted fiduciary, which could conceivably be a governmental agency, court, or trusted and bonded private organization. A key might be split among several such agencies. [Why would a government agency or a court be the best entity to provide business services? If I'm looking for someone to install a LAN in my office, I don't immediately think to call the Post Office and get them to bid on the job. Business services like data backup and recovery are much more likely to be efficiently accomplished by a private contractor.] Organizations registered with an escrow agent can acquire their own keys for emergency decryption. An investigative or intelligence agency seeking access to communications or stored files makes application through appropriate procedures (which normally includes getting a court order) and, upon compliance, is issued the key. [But what if it turns out that my chosen escrow agent is located outside the jurisdiction of the court. Surely you don't want to cause any NAFTA or GATT problems here. The WTO might declare your encryption policy to be an unfair trade practice.] Legitimate privacy interests are protected through access procedures, auditing, and other safeguards. [But what if some of us want better protection than bureaucratic promises and procedures. Some people in the past who relied on government promises and procedures ended up in crowded "shower" rooms trying to extract oxygen from diesel exhaust.]. In April, 1993, as response to a rising need for and use of encryption products, the Clinton Administration announced a new initiative to promote encryption in a way that would not prohibit lawful decryption when investigative agencies are authorized to intercept communications or search computer files [6]. [And a rousing success it was.] The IBAG principles acknowledge the right of businesses and individuals to protect their information and the right of law-abiding governments to intercept and lawfully seize information when there is no practical alternative. [Is a communist dictatorship a "law abiding government?"] The principles call for industry to develop open voluntary, consensus, international standards and for governments, businesses, and individuals to work together to define the requirements for those standards. The standards would allow choices about algorithm, mode of operation, key length, and implementation in hardware or software. Products conforming to the standards would not be subject to restrictions on import or use and would be generally exportable. [Gee, I thought that was what we were doing.] It is conceivable that domestic and international efforts will be sufficient to avoid crypto anarchy, particularly with support from the international business community. However, it is possible that they will not be enough. Many companies are developing products with strong encryption that do not accommodate government access, standards groups are adopting non-key escrow standards, and software encryption packages such as PGP are rapidly proliferating on the Internet, which is due, in part, to the crypto anarchists whose goal is to lock out the government. Since key escrow adds to the development and operation costs of encryption products, the price advantage of unescrowed encryption products could also be a factor which might undermine the success of a completely voluntary approach. [Sounds like the voluntary cooperation of human beings in international markets is just humming right along isn't it? It seems that a lot of market participants are "voting with their feet" for strong crypto. The System is the Solution.] Under this licensing program, commercial encryption products, including programs distributed through public network servers, would comply with government regulations. [Isn't a "public network server" just a server that is made world readable? Since there will be (conservatively) 100 million "public network servers" online in a few years, won't enforcement be a trifle difficult?] Such an approach would not prevent the use of government-proof encryption products by criminals and terrorists. They could develop their own or acquire the products illegally. But an approach of this type would make it considerably more difficult than it is at present. Had such controls been adopted several years ago -- before programs such as DES and PGP were posted on the Internet -- the encryption products on the market today would support key escrow or some other method for government access. [As I recall, wasn't public key encryption developed in spite of the fact that the NSA had in place an unofficial ban on cryptographic research? The NSA's ban failed. Since you are not proposing outlawing such research, what makes you think that mere distribution controls will work? ] It would not be possible to acquire strong, government-proof encryption from reputable vendors or network file servers. The encryption products available through underground servers and the black market would most likely not possess as high a quality as products developed through the legitimate market. [The Internet itself runs primarily on software developed on the open market from non-commercial sources without slick packaging. It seems to have met with some market acceptance in spite of the lack of shrink-wrap packaging.] Crypto anarchy is an international threat which has been stimulated by international communications systems including telephones and the Internet. Addressing this threat requires an international approach that provides for both secure international communications crossing national boundaries and electronic surveillance by governments of criminal and terrorist activity taking place within their jurisdictions. [It's nice to be noticed. How, exactly, is this voluntary, international, standards regime going to deal with the desire of different governments to control different communications. Look at the problems, some governments want to ban American movies, the Asian Wall Street Journal, books on the health of former heads of state, public records of sensational murder trials, phone calls made using callback services, financial wire services, novels by leftist co-religionists living in England, email containing the English word for sexual intercourse (if readable by children), directions on where to obtain an abortion in London, etc. And all these governments will want to crack private transmissions in order to find those responsible for these "crimes." This is going to be a hell of a challenge for a voluntary, international standards regime. I think it is probably beyond the capabilities of such an institution to mediate among all of these competing desires to control the communications of others.] DCF "BTW if one spellchecks the word unescrowed (as in unescrowed encryption) one is likely to encounter the suggested replacement "unscrewed" (as in unscrewed encryption).