----------------------------------------------------------------------------- _____ _____ _______ / ____| __ \__ __| ____ ___ ____ __ | | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_ | | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/ | |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_ \_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/ The Center for Democracy and Technology /____/ Volume 2, Number 20 ---------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ---------------------------------------------------------------------------- CDT POLICY POST Volume 2, Number 20 May 22, 1996 CONTENTS: (1) Clinton Administration Floats Clipper III Key-Escrow Proposal (2) Join Sen Leahy TODAY (5/22) At HotWired to Discuss His Crypto Bill (3) Subscription Information (4) About CDT, contacting us ** This document may be redistributed freely with this banner in tact ** Excerpts may be re-posted with permission of <editor@cdt.org> ----------------------------------------------------------------------------- (1) CLINTON ADMINISTRATION FLOATS 'CLIPPER III' KEY ESCROW PROPOSAL The Clinton Administration Tuesday (5/21) unveiled a new encryption policy proposal which would use a government-sanctioned key certification system as an incentive to virtually impose key escrow on domestic users. The draft proposal, "Achieving Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure" (already dubbed Clipper III), seeks to establish a "public key infrastructure" for encryption. Broadly speaking, a public key infrastructure would enable users to clearly identify the people they are communicating with and facilitate key management, and is widely viewed as an important component of a secure and trusted communications environment. However, the Clipper III would establish this infrastructure at a price: All users of the public key infrastructure would have to ensure government access to their encryption keys through an approved key escrow authority. A detailed analysis of the Administration's latest draft proposal is attached below. Among other concerns: * The proposal is hardly voluntary - Key-escrow would become a prerequisite for participation in the Global Information Infrastructure. * The proposal contains few guidelines for how keys would be shared with foreign governments. * The proposal encourages the collection of highly sensitive private key information. * The proposal does not address major privacy concerns such as liability for key holders, limitations on law enforcement access, audit requirements, and other concerns that many have already identified as crucial to protecting individual privacy even in a voluntary key escrow system. CDT believes that the Administration's draft proposal does not meet the privacy and security needs of Internet users or the demands of the marketplace. While the proposal represents real progress by the Administration in recognizing the importance of encryption and the value of a public key infrastructure, in reality it provides few provisions to protect individual privacy. Moreover, the Clipper III proposal, like its predecessors, continues to put law enforcement and national security concerns above the privacy and security needs of the American public. The latest Administration proposal comes in the midst of Congressional efforts to relax encryption export controls and encourage the widespread use of strong, easy-to-use encryption and prohibit the government from imposing key escrow domestically. It also comes in the wake of a letter signed by over 27 Representatives last week urging the Administration to abandon its key-escrow initiative (See CDT Policy Post 2.19) A copy of the Draft proposal is available on CDT's encryption policy web page (http://www.cdt.org/crypto). SUMMARY OF THE PROPOSAL: ------------------------ Taking a nod from the efforts currently under way through the European Commission to establish a Public Key Infrastructure (PKI) in Europe, the Clipper III seeks to establish a means of ensuring authentication and key management for Americans. Among other things, the Clipper III draft proposal: * RECOGNIZES THAT THE GOVERNMENT SHOULD NOT IMPOSE ENCRYPTION STANDARDS ON MARKET: One positive element of the new proposal is an explicit recognition of the importance of encryption and the need for private sector, as opposed to government solutions. The draft states, "Government can no longer monopolize state of the art cryptography ... It is unrealistic to believe that government can produce solutions which keep ahead of today's rapidly changing information technology". * ESTABLISHES KEY MANAGEMENT INFRASTRUCTURE: The draft proposal would create a new public key infrastructure designed to tie individuals and entities to their public keys. * RELAXES EXPORT CONTROLS FOR KEY ESCROW PRODUCTS: The new draft would continue and expand the effort started with the Clipper II proposal by allowing the export of software with 64 bit key lengths (80 bits for hardware) on the condition that products contain a key-escrow function. Keys could be escrowed in the United States or where the US has a bilateral escrow agreement. Other exports to certain markets would be considered on a case-by-case basis. * PROVIDES FOR 'SELF ESCROW' OF ENCRYPTION KEYS: Self Escrow (where a corporation or individual could become an escrow agent for its own private keys) would be permitted, though the exact conditions of and obligations are not specified in the draft. MAJOR FLAWS IN THE CLIPPER PROPOSAL RENDER IT A NON-STARTER ----------------------------------------------------------- * CLIPPER III IS NOT VOLUNTARY & MAKES KEY-ESCROW A PRECONDITION FOR PARTICIPATION IN THE GLOBAL INFORMATION INFRASTRUCTURE While the Administration deserves credit for recognizing that a trusted public key infrastructure is an important component of a workable National Encryption policy, the latest proposal attempts to use the need for a public key infrastructure as a means to impose key escrow domestically. Although the Administration has repeatedly stressed that any key-escrow initiative would be a voluntary system, the text of the latest draft directly contradicts that contention. The proposal states that in order to participate in the Global Information Infrastructure, users will need to escrow their keys; if they choose not to participate in the key infrastructure, "users cannot know with whom they are dealing on the network, or sending money too, or who signed a document, or if the document was intercepted and changed by a third party." (page 3). The proposal goes on to state: "To participate in the network a user needs a public key certificate signed by a CA [Certification Authority] which 'binds' the user's identity to their public key. One condition of obtaining a certificate is that sufficient information (e.g., private keys or other information as appropriate) has been escrowed with a certified escrow authority to allow access to a user's data or communications." (page 5) In other words, the Clipper III proposal would require individuals and businesses to use key-escrow encryption as a condition of participating in the Global Information Infrastructure. Under the proposal, an individual cannot obtain certification by a Key Certification Authority (a necessity under the Clipper III scheme) unless he or she registers with a "certified escrow authority". There is no technical or structural reason (beyond law enforcement access) why key escrow must be a component of a public key infrastructure. In fact, a robust example of a public key infrastructure exists today for exchanging PGP keys (the PGP public key server at MIT <http://www-swiss.ai.mit.edu/~bal/pks-toplev.html>). * CLIPPER III TARGETS DOMESTIC USERS While export controls have ostensibly been aimed at controlling the use of encryption by foreign users (and indirectly, at domestic users as well), the Clipper III proposal is aimed directly at the domestic use of encryption and seeks to establish a system whereby key escrow becomes a de-facto component of domestic encryption products. * RAISES MAJOR QUESTIONS WITH RESPECT TO INTERNATIONAL KEY EXCHANGE In order to work, Clipper III assumes bi-lateral agreements between the US and other countries with respect to law enforcement access to escrowed keys, who could legally be an escrow agent, and other factors. Currently no such agreements exist. Bilateral agreements also raise important privacy issues, including how to deal with releasing keys to foreign governments, particularly those without any tradition of privacy protections. Finally, a patchwork of international agreements can create problems for interoperability. The same encryption and or authentication scheme exportable to Germany or England might not be exportable to India or China in the absence of a appropriate bi-lateral agreements. * CONTAINS NO PRIVACY PROTECTIONS/RESTRICTIONS ON LAW ENFORCEMENT ACCESS TO ESCROWED KEYS: Like Clipper and Clipper II, the latest proposal does not squarely address standards for law enforcement access to escrowed keys, unauthorized disclosure of keys by escrow agents, and other privacy issues associated with key escrow. * CREATES VULNERABILITY AND INSECURITY BY ENCOURAGING STORAGE OF PRIVATE KEYS: The proposal suggests that escrow agents hold either a user's private key or "other information as appropriate". Allowing escrow agents to accumulate private keys creates severe vulnerabilities in the network. Once a private key is disclosed (either to law enforcement or to an unauthorized third party), *every* communication using that key is compromised. Although the draft does attempt to limit this concern by allowing escrow agents to hold "other information", the proposal no where specifies what that would be. NEXT STEPS ---------- Congress is currently considering legislation which would head off the Administration's efforts to encourage domestic key-escrow encryption schemes and promote the widesprad avaiability of strong, easy-to-ues encryption technologies. Several bills, including S.1726 (the Pro-CODE bill) sponsored by Senators Burns (R-MT), Leahy (D-VT), Dole (R-KS), Pressler (R-SD), Wyden (D-OR) and others, along with HR 3011, sponsored by Reps Goodlatte (R-VA), Eshoo (D-CA), Campbell (D-CA) and over 25 others are currently being considered by Congress. Both bills would relax export restrictions and prohibit the government from imposing key escrow domestically. CDT looks forward to working with Members of Congress to pass legislation that encourages the widespread availability of strong, easy-to-use encryption technologies based on marketplace, not government, standards. ----------------------------------------------------------------------- (2) JOIN SENATOR LEAHY TODAY (Wed 5/22) TO DISCUSS PRIVACY AND SECURITY ONLINE Senator Patrick Leahy (D-VT), the "Senior Senator from Cyberspace", ardent proponent of Net.Freedom and co-sponsor of 2 bills to repeal encryption export controls, will hold an online "town meeting" on Wednesday May 22 to discuss privacy and security online. DETAILS ON THE EVENT * Wednesday May 22, 4 - 5 pm ET (1 pm Pacific) on HotWired URL: http://www.hotwired.com/wiredside/ To participate, you must be a registered HotWired member (there is no charge for registration). You must also have RealAudio(tm) and a telnet application properly configured to work with your browser. Please visit http://www.hotwired.com/wiredside/ for information on how you can easily register for Hotwired and obtain RealAudio. Wednesday's town meeting is another in a series of planned events, and is part of a broader project coordinated by CDT and the Voters Telecommunications Watch (VTW) designed to bring the Internet Community into the debate and encourage members of Congress to work with the Net.community on vital Internet policy issues. Events with other members of Congress working on Internet Policy Issues are currently being planned. Please check http://www.crypto.com for announcements of future events ------------------------------------------------------------------------ (3) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by more than 9,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request@cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info@cdt.org World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.20 5/22/96 -----------------------------------------------------------------------