SAFE vote and cutting crypto-deals, report from House Judiciary

---------- Forwarded message ----------
Date: Wed, 14 May 1997 21:11:35 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: SAFE vote and cutting crypto-deals, report from House Judiciary

You get a sense of the inevitable when you're handed a stack of press releases congratulating a committee for passing a bill -- an hour before the vote happens.

That's what happened this afternoon when the House Judiciary committee unanimously approved SAFE, a bill that generally loosens export controls on crypto.

Now, today's vote doesn't mean that the bill will move to the floor unmolested, and it doesn't mean that all its problems have been fixed. The Judiciary Committee doesn't have jurisdiction over export relaxations, and the bill's opponents pledged to fight when the measure moves to the International Relations committee. Then there's that portion about using crypto in a crime: it's been modified, cleaned up, but not removed.

High and low points of today's hearing. I'll keep these short since I've got to get to sleep:

* In another blow to the White House, the New Democrat Coalition is demanding that the White House change its crypto-policy. A letter the group of centrist Dems sent to Clinton today said: "We are deeply concerned that current policy restricting exports of cryptography technology poses a real threat to U.S. dominance..."

* The heinous section of the law that would create broad new Federal felonies for some uses of crypto was replaced. The amendment, offered by Rep. Delahunt and adopted unanimously, includes eight hurdles:

"Any person who, in the commission of a felony under a criminal statute of the United States, knowingly and willfully encrypts incriminating information relating to that felony with the intent to conceal such information for the purposes of avoiding detection by law enforcement agencies or prosecution..."

It's a solid improvement, but this language still has no business becoming law. Problem is, nobody seems to have the balls to stand up and yank it.

Delahunt, the amendment's sponsor, said the bill without the amendment "could have a chilling effect on the development and use of encryption." He added: "I recognize that some supporters of this amendment would like that this section be removed altogether." But it doesn't seem likely.

* The word on the streets is compromise. Hyde, chair of House Judiciary, brokered a meeting in his offices yesterday bringing together spooks, law enforcement, Goodlatte, and staffers. He says they're "very close to resolving any difficulties."

Rep. McCollum chimed in: "It's just a matter of time before we work something out." Rep. Buyer said, and I am not making this up: "We should be good listeners to the NSA." Rep. Berman: "I hope there would be some way to bridge the differences between the administration and Goodlatte."

More on this later...

* Rep. Hutchinson introduced an amendment that passed unanimously:

(a) The Attorney General shall compile, and maintain in classified form, data on the instances in which encryption (as defined in section 2801 of title 18 USC) has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce the criminal laws of the United States.

(b) The information compiled under subsection (a), including an unclassified summary thereof, shall be made available, upon request, to any Member of Congress.

Problem is, a similar provision is *ALREADY LAW*. (It passed last year as part of an omnibus spending bill.) Brock Meeks wrote about it in his last Muckraker column: http://www.muckraker.com/

And this is bad news: we already know that piss-poor crypto -- we're talking Brian Milburn-style, or WordPerfect strength -- has interfered with investigations. But with the NSA's help, cops were able to tunnel through it.

That's why the Feds should be looking not at whether it *interferes* with an investigation, but whether it has *derailed* one. At least when the NRC report came out last year, not one investigation was derailed through the use of crypto.

But even if it has derailed an investigation -- well, that may be the price of freedom...

* Rep. McCollum (R-Fl), a real Big Brother type of guy, added an amendment to page 4, line 14 that passed unanimously. Addition is in caps:

Subsection (a) shall not affect the authority of any investigative or law enforcement officer OR ANY MEMBER OF THE INTELLIGENCE COMMUNITY acting under any law in effect on the effective date of this chapter, to gain access to encrypted information.

Now what the hell does this mean? Says McCollum: "it is truly a technical amendment."

* Rep. Rothman was the only one who pointed out how government access to keys reduces freedom: "It raises civil libertarian and totalitarian issues for me." He recounted how at a recent hearing he asked the administration: "Let's cut to the chase: do you want to mandate this access?" The reply: "No, no, no."

I've said it before and I'll say it again: Congress desperately wants to compromise. They're aching to split the difference, cut a deal, and screw the pooch in the process.

Just watch for the backroom scheming over the next few months. And if the worst features of all the crypto-bills are combined into one package that's attached to a huge spending bill that "just has to go through" -- well, don't say I didn't warn you...

-Declan

At 9:15 PM -0700 5/14/97, Declan McCullagh wrote:
... * The word on the streets is compromise. Hyde, chair of House Judiciary, brokered a meeting in his offices yesterday bringing together spooks, law enforcement, Goodlatte, and staffers. He says they're "very close to resolving any difficulties."
Rep. McCollum chimed in: "It's just a matter of time before we work something out." Rep. Buyer said, and I am not making this up: "We should be good listeners to the NSA." Rep. Berman: "I hope there would be some way to bridge the differences between the administration and Goodlatte."
During a hall discussion at CFP, I heard that people at NSA are changing their opinions about the use of strong crypto in the general community. The reason is the threat of InfoWar and the need for strong crypto in general use to secure the US information infrastructure.

-------------------------------------------------------------------------
Bill Frantz       | God could make the world   | Periwinkle -- Consulting
(408)356-8506     | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA

At 11:07 AM -0800 5/15/97, Thomas Porter wrote:
At 09:32 AM 5/15/97 -0700, Bill Frantz thoughtfully expounded thus:
During a hall discussion at CFP, I heard that people at NSA are changing their opinions about the use of strong crypto in the general community. The reason is the threat of InfoWar and the need for strong crypto in general use to secure the US information infrastructure.
I realize I may catch it for my numerical ignorance here, but a more paranoid type might think that any acquiescence on the part of NSA might be due to more relative ease of breaking important traffic than they might have possessed in the past.
I was at the same CFP aisle discussion Bill Frantz is referring to, or at least heard the same thing in a similar discussion. Clint Brooks of the NSA (or one of its cutouts), Stuart Baker, Jim Bidzos, and several of us were talking about the overall crypto situation. Attacks on U.S. interests had just been covered by a couple of panels, so "infowar" was in the air. Brooks admitted that NSA was rethinking its opposition to strong crypto, as they realized (duh) that weak crypto, e.g., <50 bits today, <60 bits in a few years, etc., could allow attacks on financial and other institutions. Left as an exercise is whether subsequent policy actions by NSA and D.C. in general are consistent with this "Crypto Perestroika" (tm).
Does any one on the list have any ideas on what the Intel mega-pentium parallel processor (touted for nuclear explosion and weather simulations a few months back, and noticeably missing any mention of NSA application) does to the time estimates for cracking "strong" crypto keys? I am being purposefully vague in my definitions of strong crypto, but I would present as my test cases PGP ascii-armor traffic of 2048 key length or plain files encrypted with pgp -c option; ie. typical crypto-criminal/narco-terrorist fodder.
Please see the usual discussion in Schneier of work factors for breaking various key length systems. See also the study by the "Distinguished Cryptographers Panel" (don't have an URL handy, but a search on Schneier, Blaze, Rivest should turn it up).

Bottom line: work factor grows exponentially in key length. Processor power has been growing much more slowly, and even a 1000-processor parallel computer is good for only about 10 bits. Ditto for the processors themselves, with Intel's latest Pentium II good for "only" a few bits over the Pentium, which itself was good for only a few bits over the 486, and so on.

Left as another exercise: How many bits are needed in a key before exhaustive search (the attack being assumed...if a "clever" attack exists, then of course it could almost certainly be done on an abacus) of the keyspace needs all the processors in the world running for a thousand years? How many bits before converting the Earth into nanocomputers is not enough to search the keyspace in the age of the Earth? And so on. The answers may surprise you.

And using longer keys is "easy" to do. Breaking longer keys is "hard." Strong crypto wins out very quickly.

This is why there is no "middle ground" on crypto...it's either strong or it's weak, with nothing in between.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
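The scaling argument in the message above, worked through as an added example (not part of the original thread): exhaustive search of a b-bit key costs 2^b trials, so any speedup factor buys only log2(factor) bits. The per-machine trial rate, the machine counts and the 18-month doubling period are constructed assumptions chosen for illustration, not figures from the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def bits_gained(speedup):
    """Extra key bits an exhaustive search can cover for a given speedup factor."""
    return math.log2(speedup)

def searchable_bits(keys_per_sec, machines, years):
    """Largest key length whose whole keyspace fits inside the compute budget."""
    trials = keys_per_sec * machines * years * SECONDS_PER_YEAR
    return math.floor(math.log2(trials))

def years_to_exhaust(bits, keys_per_sec, machines):
    """Worst-case time to try every key of the given length."""
    return 2 ** bits / (keys_per_sec * machines * SECONDS_PER_YEAR)

def bits_gained_by_waiting(years, doubling_period_years=1.5):
    """Bits gained if hardware speed doubles every period (assumed rate)."""
    return years / doubling_period_years

# Constructed budgets: (label, keys/sec per machine, machines, years).
BUDGETS = [
    ("one machine, one year", 1e6, 1, 1),
    ("1000-processor parallel machine, one year", 1e6, 1000, 1),
    ("a billion machines, a thousand years", 1e6, 10 ** 9, 1000),
]

def report():
    """Return (label, searchable key length in bits) for each budget."""
    return [(label, searchable_bits(rate, n, yrs)) for label, rate, n, yrs in BUDGETS]

if __name__ == "__main__":
    print(f"1000x parallelism is worth {bits_gained(1000):.2f} bits")
    print(f"30 years of doubling is worth {bits_gained_by_waiting(30):.0f} bits")
    for label, bits in report():
        print(f"{label:45s} -> {bits} bits")
    for bits in (40, 56, 80, 128):
        print(f"{bits}-bit key, 1000 machines: "
              f"{years_to_exhaust(bits, 1e6, 1000):.3g} years")
```

Under these assumed rates, going from one machine for a year to a billion machines for a thousand years moves the searchable key length by only about 40 bits, while each added key bit doubles the attacker's work.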

On Thu, May 15, 1997 at 12:42:15PM -0800, Tim May wrote: [...]
And using longer keys is "easy" to do. Breaking longer keys is "hard." Strong crypto wins out very quickly.
This is why there is no "middle ground" on crypto...it's either strong or it's weak, with nothing in between.
An oversimplification. You, of course, know better. A crypto system has to be considered as a whole (rubber hoses, key management, etc). That's where the "in between" comes from, and will continue to come from, regardless of the strength of the algorithms.

--
Kent Crispin                "No reason to get excited",
kent@songbird.com           the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html

At 12:07 PM -0700 5/15/97, Thomas Porter wrote:
At 09:32 AM 5/15/97 -0700, Bill Frantz thoughtfully expounded thus:
During a hall discussion at CFP, I heard that people at NSA are changing their opinions about the use of strong crypto in the general community. The reason is the threat of InfoWar and the need for strong crypto in general use to secure the US information infrastructure.
... How does this strength of encryption compare to whatever might be used to "secure the nation's info infrastructure" [Netscape 40 bit!!??] regarding cracking time?
I believe that the person who made this statement shares the standard cypherpunk definition of "strong crypto". I.e. Unbreakable before the heat death of the universe.

IMHO, this view comes from the fact that most foreign government and international terrorist communication is already strongly encrypted, so having strong systems in wider use does very little to reduce NSA's intelligence gathering abilities. (See "Secret Power, New Zealand's role in the international spy network" by Nicky Hager for evidence supporting this view.) Since part of NSA's job is to defend the USA against foreign enemies, this faction has decided that the benefits of widespread strong crypto outweigh the costs, a very cypherpunk view.

To go even further out on a limb, there may be a NSA faction that worries about the inevitable weakness that GAK inserts in any crypto system. NSA was badly burned by the weaknesses in Clipper.

Tim May wrote:
Left as an exercise is whether subsequent policy actions by NSA and D.C. in general are consistent with this "Crypto Perestroika" (tm).
I am speaking of a faction within NSA. They may represent the agency's position and have been shot down by the White House, or they may have lost within the agency. We have no way of knowing which. (Do we?)

-------------------------------------------------------------------------
Bill Frantz       | God could make the world   | Periwinkle -- Consulting
(408)356-8506     | in six days because he did | 16345 Englewood Ave.
frantz@netcom.com | not have an installed base.| Los Gatos, CA 95032, USA

At 09:32 AM 5/15/97 -0700, Bill Frantz thoughtfully expounded thus:
During a hall discussion at CFP, I heard that people at NSA are changing their opinions about the use of strong crypto in the general community. The reason is the threat of InfoWar and the need for strong crypto in general use to secure the US information infrastructure.
I realize I may catch it for my numerical ignorance here, but a more paranoid type might think that any acquiescence on the part of NSA might be due to more relative ease of breaking important traffic than they might have possessed in the past.

Does any one on the list have any ideas on what the Intel mega-pentium parallel processor (touted for nuclear explosion and weather simulations a few months back, and noticeably missing any mention of NSA application) does to the time estimates for cracking "strong" crypto keys? I am being purposefully vague in my definitions of strong crypto, but I would present as my test cases PGP ascii-armor traffic of 2048 key length or plain files encrypted with pgp -c option; ie. typical crypto-criminal/narco-terrorist fodder.

How does this strength of encryption compare to whatever might be used to "secure the nation's info infrastructure" [Netscape 40 bit!!??] regarding cracking time? Clearly less, but how much less on this type of specialized parallel processor?

To put it another way, any swags on how long it would take this pentium parallel processor to crack the current DES56 challenge?

Inquiring (and ignorant) minds want to know,

Tom Porter
txporter@mindspring.com
------------------------------------------------------------------------
"I do believe that where there is a choice only between cowardice and violence, I would advise violence."
Mahatma Gandhi