7431 Teasdale Avenue San Diego, CA 92122 karn@unix.ka9q.ampr.org September 27, 1993 Director, Computer Systems Laboratory ATTN: Proposed FIPS for Escrowed Encryption Standard Technology Building, Room B-154 National Institute of Standards and Technology Gaithersburg, MD 20899 Re: A Proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES) Docket No 930659-3159 RIN 0693-AB19 Comments of Philip R. Karn, Jr Sirs: I am writing in response to your call for comments on the aforementioned matter that appeared in the Federal Register on July 30, 1993. I am writing as a concerned individual with BS and MS degrees in electrical and computer engineering and 15 years of professional experience in communications, computer networking and security at leading edge R&D organizations. I currently work in the digital cellular telephone industry, a ripe application for robust encryption if there ever was one. I feel that my experience in this field qualifies me to comment on the practicality of the proposed standard. First of all, I am totally opposed to the entire concept of key escrow. It is a dangerous, un-American and fatally flawed idea that should never have been proposed. In my opinion, everyone has the Constitutional right to use the encryption scheme of their choice, whether or not the government can break it. The impact of strong encryption on the enforcement of legitimate laws is and will remain minimal. Even unbreakable encryption is incapable of thwarting standard investigational techniques such as informants, testimony compelled through grants of immunity, "end point" surveillance (e.g., hidden microphones), the gathering of physical evidence of crimes and so forth. Strong un-escrowed encryption will, on the other hand, finally put an end to illegal, often politically motivated interceptions of private electronic communications without having to rely on anyone's goodwill, such as the still-unnamed "key escrow agencies". Precisely because eavesdropping has been so easy to do and so hard to detect, the government has repeatedly proven itself untrustworthy in this regard, as documented in great detail by the Watergate investigations and the Church Committee hearings of the 1970s. Why should we trust it now? Although the government currently claims that the EES will be a "voluntary" standard, many of its features make no sense whatsoever in this context. For example, why must the Skipjack algorithm be kept secret if individuals remain free to use other algorithms such as triple-key DES or IDEA that are quite probably even stronger? The government's claim is completely transparent, as one simply cannot escape the conclusion that the EES is a prelude to a ban on all other encryption schemes, or at least a ban on those the government can't crack. And this presents a profoundly disturbing threat to some very important Constitutional principles. Countless others have argued forcefully against the proposal on these and other grounds. For example, see the points made by the Computing Professionals for Social Responsibility (CPSR) in the attached Appendix. I fully agree with CPSR and feel that they alone should have been enough to stop the proposal long ago. However, the fact that the Escrowed Encryption Standard has advanced so quickly despite these serious problems reveals the totally one-sided nature of the decision process. Far from being an independent and impartial agency, NIST has proven itself to be merely a pawn for the National Security Agency, the Federal Bureau of Investigation and other powerful intelligence and law enforcement agencies. Despite (or perhaps because of) encryption's enormous potential to put real "teeth" into the Constitutional principles of privacy and freedom of speech and association, these agencies are notably unsympathetic to tFrom owner-cypherpunks Tue Sep 28 05:51:28 1993 Received: by toad.com id AA02707; Tue, 28 Sep 93 05:46:19 PDT Received: by toad.com id AA02651; Tue, 28 Sep 93 05:41:49 PDT Return-Path: <nowhere@bsu-cs.bsu.edu> Received: from bsu-cs.bsu.edu ([147.226.112.101]) by toad.com id AA02647; Tue, 28 Sep 93 05:41:46 PDT Received: by bsu-cs.bsu.edu (5.57/Ultrix3.0-C) id AA08271; Tue, 28 Sep 93 07:43:59 -0500 Date: Tue, 28 Sep 93 07:43:59 -0500 Message-Id: <9309281243.AA08271@bsu-cs.bsu.edu> From: Anonymous <nowhere@bsu-cs.bsu.edu> To: cypherpunks@toad.com X-Remailed-By: Anonymous <nowhere@bsu-cs.bsu.edu> X-Ttl: 0 X-Notice: This message was forwarded by a software- automated anonymous remailing service. Subject: Disturbing statistics on wiretaps Organization: Coalition for Cryptographic Freedom In the paper written by Delaney, Denning and Kaye (Wiretap Laws and Procedures -- What Happens when the U.S. Government Taps a Line, September 23, 1993), a few numbers were presented from a 1992 report which reflect the wiretaps put into place during that year. Without further details concerning the specifics surrounding some of these numbers, it should certainly raise eyebrows on a couple of points: - All 919 "interceptions" were authorized. The numbers presented in this report indicate that none were denied. - Out of this number, 303 were in single family homes, 135 were in apartments and 289 were categorized as placed in "other" locations. - Out of 919, 634 were placed into service for interception of information involving narcotics. The closest contender in this area involved racketeering, in which 90 was the magic number. - The number of persons arrested was 2,685. Of that number, only 607 were convicted. These statistics alone should concern YOU.