Re: Interactive Week exclusive - White House to launch "Clipper III"
Bottom Line: In a way, I am hoping that "Clipper III" is proposed, as it will energize us once again. Historically, the "Cypherpunks antibodies" have had their most vigorous growth when faced with a government antigen.

At 8:09 PM GMT 5/18/96, Will Rodger wrote:
The White House is about to answer recent attempts to liberalize encryption exports with a proposal of its own.
Documents obtained by Interactive Week show the Clinton Administration has been lobbying key Republican committee members to compromise on encryption through a policy that looks very much like previous commercial key escrow efforts.

...

The URL for the complete article is: http://www.zdnet.com/intweek/daily/960518y.html

Will Rodger
Washington Bureau Chief
Interactive Week
Many thanks to Will for passing this on the Cypherpunks list. Our opposition to Clipper I and Clipper II was strong and, I expect, will continue with CIII.

A question for Will Rodger: Is this "White Paper" ("The newest proposal is contained in a 24-page White Paper, a draft of which hit Capitol Hill earlier this week") related in any way to the one being prepared by Herb Lin and a bunch of other folks? It was due out about this time, and the topic seems similar. A bunch of us gave input to Herb and his panel at the CFP in '95...if this is the same White Paper, looks like we might just as well have saved our breath.

I read the stuff at the URL, and at first blush it looks to say nothing about _domestic_ (within the U.S. and Canada) encryption. I'll be anxious to see what the White Paper says about domestic encryption.

(To be clear, there are currently _no_ laws whatsoever about the types of crypto a citizen (or resident alien, or, for all intents and purposes, anyone) may use, nor about the key length, nor about any form of GAK, etc. Even Clipper I did not actually mandate allowable forms of crypto, though many of us thought that this was the desired end-state, down the road. So, I am tentatively assuming that Clipper III, if passed, will not directly impinge on domestic encryption policy, about which the government currently says nothing.)

However, as with other proposed crypto laws and "trial balloons," there are several questions which arise:

1. Will there be pressures put on the browser companies (Netscape, Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris, Lotus, etc.) to produce a "world version" that meets export standards with a single shrink-wrapped package? (Recall that last fall some of the various companies stated as their goal having a single package that could be shipped worldwide. Some of them claimed having two versions, a domestic U.S. version and an international version, was too onerous. I am skeptical of this, given that they have multiple platforms to support, multiple operating systems, etc. But they claim it is.)

2. Interoperability. How will U.S. users exchange messages with international users? Will a U.S. user have to register with the Authorities to get the proper credentials, protocols, etc.? Will the U.S.-sold versions of Netscape or Explorer, for example, contain the international GAKed versions for use with international users?

3. With products like PGP, there are already international users (lots of them). Thus, no "export laws" are involved. So, will I be able to communicate with them using my existing PGP methods? (If not, then my right to use an encryption product is in fact being limited, contrary to the putative wording of what Clipper III is supposed to be. To make this clear, I'm _already_ communicating with PGP, so no "export version" is needed.) And if U.S. users can continue to interoperate with international users as they are now doing, this puts the lie to claims about how key escrow will be useful for law enforcement.

4. And of course there is always the issue of _superencryption_. How a GAKked program can detect that superencryption is being used has never been adequately explained (to my satisfaction at least). Entropy measures won't do it, and forbidding any encryption of messages already containing "BEGIN PGP" will clearly just be a klugey bandaid.

5. What about U.S.-based corporations with offshore offices? Is a company supposed to replace its entire intranet corporate network with a GAKked system if even a single user is outside the U.S.-Canada? (I fear that this is indeed the proposal. The effect will then be to make all corporations GAKked.)

6. What about U.S. persons travelling abroad?

7. What about packets zinging around the world? Lots of complications if GAK is insisted upon. And lots of new avenues for "packet laundering."

8. The issue of why other countries would insist that their citizens GAK their keys when U.S. citizens don't have to!! ("Yes, Herr Glomlutz, we are insisting that all Germans using Netscape 4.0 must deposit their keys mit der Key Authority. No, we are not requiring our own citizens to do this." I don't think this will fly too well.) I can't see how other countries will go along with this. And what about the usual problem of "rogue nations" like Iraq, Iran, North Korea, Israel, and Liberia?

9. Many other issues. (They never answered the similar questions raised the last time, so I doubt they will this time.)

Clipper III, if it turns out to be another worthless proposal which is laughed out of Washington, will be no real threat.

If Clipper III actually outlaws or places limits on domestic use of crypto (as I think it must, else it can be too easily circumvented completely), then it will be a rallying cry which will likely see our membership increase still further, the anti-Washington rhetoric escalate, and likely some new developments in the war.

In a way, I am hoping that "Clipper III" is proposed, as it will energize us once again. Historically, the "Cypherpunks antibodies" have had their most vigorous growth when faced with a government antigen.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
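Point 4 of the message above says entropy measures cannot reveal superencryption. The following is an added example, not part of the original posts: it compares byte entropy of plaintext, singly encrypted and doubly encrypted data. The SHA-256 counter keystream is a toy stand-in for a real cipher, and the key names and sample text are constructed for illustration.

```python
import hashlib
import math
from collections import Counter


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, not PGP): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def entropy_report() -> dict:
    # Constructed sample plaintext: repetitive English text, 64 KiB.
    plaintext = (b"Meet at the usual place at noon. " * 2000)[:65536]
    # One layer of encryption under a (hypothetical) outer key.
    once = keystream_xor(b"outer-key", plaintext)
    # Superencryption: an inner layer applied before the same outer layer.
    twice = keystream_xor(b"outer-key", keystream_xor(b"inner-key", plaintext))
    return {
        "plaintext": shannon_entropy(plaintext),
        "encrypted_once": shannon_entropy(once),
        "superencrypted": shannon_entropy(twice),
    }


if __name__ == "__main__":
    for label, bits in entropy_report().items():
        print(f"{label:>15}: {bits:.4f} bits/byte")
```

Entropy separates plaintext from ciphertext, but both ciphertexts sit at the 8 bits/byte ceiling, so the measure says nothing about how many layers were applied.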
1. Will there be pressures put on the browser companies (Netscape, Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris, Lotus, etc.) to produce a "world version" that meets export standards with a single shrink-wrapped package?
Qualcomm has elected not to directly support PGP in the past, and it would appear that NSA & State have broadly construed the ITAR sections on crypto capability to mean that apps which can plug in crypto modules are themselves not exportable (cf. Kerberos bones and the whole rationale behind the MS CryptoAPI.)

However, Eudora 3.0 includes a plugin architecture for translators. These translators can be used in a variety of ways, including for message compression, foreign-language translation, and signatures. In fact, one of the sample "translators" provided provides a "sign with PGP" icon in the message composition window. Click it, put in your passphrase, and off you go-- much easier than any of the existing solutions.

The plugin technology is such that it would be easy to write signature & encryption plugins to use your choice of technology: Fortezza, Entrust, PGP, IPG, or whatever. In fact, you might see Fortezza and Entrust plugins later this summer :)

Several 'punks have speculated in the past about whether a general-purpose plugin architecture that could be used for crypto would subject the product to ITAR. Since I very seriously doubt Qualcomm would design & ship this capability without finding out whether such an architecture would render their product unexportable, my assumption is that (at least for now) there is no world version requirement-- but vendors still have to face the hassles of keeping, selling, and maintaining two separate versions. Ask Netscape how much fun _that_ is.

-Paul

--
Paul Robichaux
LJL Enterprises, Inc.
paul@ljl.com
Be a cryptography user. Ask me how.
Participants (2): Paul Robichaux, tcmay@got.net