--- begin forwarded text Date: Thu, 4 Sep 1997 09:58:00 -0400 (EDT) From: Peter F Cassidy <pcassidy@world.std.com> To: dcsb@ai.mit.edu Subject: Re: FBI calls for mandatory key escrow; Denning on export ctrls Mime-Version: 1.0 Sender: bounce-dcsb@ai.mit.edu Precedence: bulk Reply-To: Peter F Cassidy <pcassidy@world.std.com> Friends, The campaign to bring all communications technologies under state/military control is progressing almost exactly as planned. On my desk is the Jan. 1992 memorandum from Brent Scowcroft, former national security advisor to Bush, outlining the digital telephony/crypto control strategy. The president, Scowcroft wrote in the memorandum, had advised: "Justice should go ahead now to seek a legislative fix to the digital telephony problem, and all parties should prepare to follow through on the encryption problem in about a year. Success with digital telephony will lock in one major objective; we will have a beachhead we can exploit for the encryption fix; and the encryption access options can be developed more thoroughly in the meantime." Digital Telephony legislation was passed in October of 1994 - after the directors of the NSA and FBI visisted senators who were sitting on it and placed holds on it - one for idealogical reasons, the other for horsetrading later in the session. Within days the holds were removed, the legislation flew through both houses in voice votes, if memory serves, and Clinton, a war protester who has become a virtual puppet of the military intelligence system in communications policy, signed it about a week later. Everyone has a telephone yet the opposition couldn't muster enough popular dissent to crush the legislation. This makes me fear for the future of crypto, the conscious users of which define a much smaller universe than telephone users. Most interestingly, the FBI didn't even have real facts on wiretaps to prove its case. A recent academic study indicates that the wiretapping stats that the FBI used to "prove" its case - the absolute necessity of wiretapping - were in large part falsified. (Starting in the early 90s, requests for wiretapping suddenly shot up, while, if you check later, the numbers of executions of the orders and subsequent arrests and prosecutions stayed flat.) PFC

All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.

FBI Director Louis Freeh also told a Senate Judiciary subcommittee that "network service providers should be required to have some immediate decryption ability available" permitting agents to readily descramble encrypted messages that pass through their system.

This marks the most aggressive push to date for mandatory domestic key escrow (or "key recovery"), which means someone else other than the recipient can decipher messages you send out. Now, the easiest way to win such a political tussle in Washington is to control the terms of the debate. And nobody understands that rule better than Sen. Jon Kyl (R-Arizona), chair of the Judiciary subcommittee on technology, terrorism, and government information.

Kyl opened today's hearing not by saying its purpose was to discuss crypto in a balanced manner, but that he wanted "to explore how encryption is affecting the way we deal with criminals, terrorists, and the security needs of business." Then he talked at length about "criminals and terrorists" using crypto, and child pornographers "using encryption to hide pornographic images of children that they transmit across the Internet."

Kyl also stacked the three panels. Out of seven witnesses, five were current or former law enforcement agents. No privacy or civil liberties advocates testified. Some companies including FedEx apparently dropped out when told they'd have to pay lip service to key escrow if they wanted to speak.

Dorothy Denning, a Georgetown University professor of computer science, did testify. Kyl made a point of asking her if she still supported key escrow systems (two recent articles by Will Rodger and Simson Garfinkel said she was changing her mind). "I think key recovery offers a very attractive approach," Denning said. What about export controls? "In the absence of any controls, the problem for law enforcement would get worse," she replied.

But when Sen. Dianne Feinstein (D-Calif) asked if Denning would support a *mandatory* key escrow system, the computer scientist said she wouldn't. "No, because we don't have a lot of experience we key recovery systems... a lot of people are legitimately nervous."

(Keep in mind that although Feinstein supposedly represents Silicon Valley, she's no friend of high tech firms. She opposes lifting export controls; in fact, she says that "nothing other than some form of mandatory key recovery really does the job" of preventing crime. Of course, Feinstein doesn't have a clue. She talks about whether businesses would want "a hard key or digital key or a key infrastructure." Yes, folks, this is in fact meaningless blather.)

Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, DC, says, "Simply stated, the Senate train is headed in the wrong direction. But of course this doesn't answer the question of what will ultimately be resolved by Congress? There's a very popular measure in the House right now that's heading in a different direction."

Rotenberg is talking about Rep. Bob Goodlatte's SAFE bill, which is much more pro-business than S.909, the McCain-Kerrey Senate bill that Kyl supports. Now, S.909 doesn't mandate key recovery; it only strongly encourages it by wielding the federal government's purchasing power to jumpstart a key recovery infrastructure.

But Kyl would go further. At a recent Heritage Foundation roundtable on encryption, I asked him, "Why not make key recovery technology mandatory -- after all, terrorists, drug kingpins and other criminals won't use it otherwise. Kyl's response? Not that it would be a violation of Constitutional due process and search and seizure protections or a bad idea. Instead, he told me he simply didn't have enough votes...

-Declan

--- end forwarded text

----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/

For help on using this list (especially unsubscribing), send a message to "dcsb-request@ai.mit.edu" with one line of text: "help".

For help on using this list (especially unsubscribing), send a message to "dcsb-request@ai.mit.edu" with one line of text: "help". --- end forwarded text ----------------- Robert Hettinga (rah@shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/