Some FOIA results re Clipper
Lee Tien and I have submitted a pile of FOIA requests about Clipper. Here is scanned-in text from some of the more interesting results, courtesy of Lee. Search for "required", for a mention of the proposal to require the use of Clipper. Also note that the role of the "national security community" has been deliberately withheld from the public statements (search for "mentioned"). Most agencies have not yet responded with documents. FBI is claiming it will take them a year, and we are preparing to file suit to force them to do it within 10 days like the law requires. (Our NSA suit over the same thing, is continuing through the gears of the court process.) John Gilmore [This page originally XXXXXXXXXXXXXXX TOP SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON, DC 20301-3040 COMMAND CONTROL COMMUNICATIONS AND INTELLIGENCE MEMORANDUM FOR MS. JOANN H. GRUBE, NSA REPRESENTATIVE/NSC PRD-27 EXPORT CONTROL WORKING GROUP SUBJECT: Comments on PRD-27/NSA Draft (U) (U) Following are comments concerning your proposed memorandum to Jim Lewis, Department of State: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXX blacked out via FOIA (b)(1) exemption. XXXXXXXXXXXXXXXXXXX (U) The assertions in this draft are merely unsupported statements. Recommend that the memorandum provide more empirical evidence to back up its assertions, and that the above comments be reflected in its contents. (signed) Daniel J. Ryan Director, Information Systems Security CLASSIFIED BY: OASD(C3I)/DIR, ISS DECLASSIFY ON: OADR [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE 30 APR 1993 (stamped) MEMORANDUM FOR THE ACTING ASSISTANT SECRETARY OF DEFENSE (C3I) Subject: PRD/NSC-27 Advanced Telecommunications and Encryption (U) (U) Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) In its simplest construct, this complex set of issues places the public's right to privacy in opposition to the public's desire for safety. The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts and consequently prosper. They propose that cryptography be made available and required which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to achieve. (U) Opponents of the proposal argue that the public has a right to and an expectation of privacy, that a trapdoor system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that people who are deliberately breaking much more serious laws would not hesitate to use cryptography that does not have a trapdoor, and that secure cryptography will inevitably be supplied by offshore companies. Thus, freedom will be lost and many tax dollars spent to no effect. (U) This situation is complicated by the existence of other interests. For example, there currently exist strict controls on the export of cryptography. The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. In support of their argument, they note that powerful public-key cryptography developed and patented by RSA using U.S. tax dollars is free to developers in Europe, subject to royalties in the United States, and cannot be exported without expensive and time-late export licenses. These charges are true. (U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. Actually, it is too late. The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM and a telephone. In one recent experiment it took three minutes and fourteen seconds to locate a source-code version of DES on the INTERNET. Widespread availability of DES and RSA will enable offshore developers to provide high-quality encipherment for voice and data communications in competition with U.S. industry's products. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXX blacked out via FOIA exemption (b)(1) XXXXXXXXXXX (U) Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases). The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. (U) The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned. (U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is needed to ascertain the wishes of U.S. citizens with regard to their privacy, and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security. (signed) Ray Pollari Acting DASD (CI & SCM) [This page originally SECRET; now UNCLASSIFIED] ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 May 3, 1993 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE EXECUTIVE SUMMARY MEMORANDUM FOR DEPUTY SECRETARY OF DEFENSE FROM: CHARLES A. HAWKINS, JR., ACTING ASD(C3I) (initialed C. Hxxx) SUBJECT: Advanced Telecommunications and Encryption (U) PURPOSE: INFORMATION DISCUSSION: (U) In response to DEPSECDEF's tasking of 21 Apr 93 (TAB A) this information is provided. Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and a broad range of SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts. They propose that cryptography be made available to the public which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to implement. (U) Opponents of the proposal argue that the public has a right to and expectation of privacy, that such a system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that criminals and spies will not hesitate to use secure cryptography supplied by offshore companies. Thus, the loss of privacy would outweigh any advantages to law enforcement or national security. (U) The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses because of strict controls of export of cryptography. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. CLASSIFIED BY: DASD(CI&SCM) DECLASSIFY ON: OADR [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] (U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. This would increase the cost of performing the SIGINT mission or decrease the amount of intelligence, or both. The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM, and a telephone. Thus far, widespread availability has not led to widespread use. However, widespread availability of DES and RSA will make it possible for offshore developers to provide high- quality encipherment for voice and data communications in competition with U.S. industry's products. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXX blacked out under FOIA exemption (b)(1) XXXXXXXXXXXXXXXXXXXXX (U) The President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip. The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned. (U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is beginning which will ascertain the wishes of U.S. citizens with regard to their privacy and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security. Prepared by: Dan Ryan/ODASD(CI & SCM)/x 41779/28 Apr 93/OSD ------- End of Forwarded Message
The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. [...] These charges are true.
I'm really amazed how unbiased these letters are. In fact, maybe they were designed to be suitable for FOIA release. There is none of the one-sided propaganda tone of the Clipper announcement. Virtually all the critical arguments *against* Clipper (which can always be taken in parallel as criticisms of the current NSA role) are present -- except for the constitutionality of its introduction or enforcement. The arguments `against' are even labelled `true' and `persuasive'. I wonder if any of this means anything. It could just be a gimmick to suggest that `all concerns were fairly balanced in the proposal'. Does anyone suppose that the important military aides anticipate FOIA requests and come up with bland and benign documents to satisfy them?
The law enforcement and national security communities ... propose that cryptography be made available and *required* which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications.
For the first time we have an official confirmation that the original intent of Clipper (or similar technology) was to make it *mandatory*. I think this is rather ironic considering many of the apologist's current main rationalizations (Denning, Sternlight, etc.) that it is a `voluntary' program. Caveat Emptor!
at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases).
`incentivised' -- a cute euphemism for collusion. I wonder to what extent they were `incentivised'.
(U) The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned.
eeks, that sounds amazingly ominous. Why would they say in one sentence `law enforcement officials have access to the keys' and then in the next `the security of the scheme for national security purposes is not revealed'?
In the meantime, DoD has trapdoor technology ...
wow, they call Clipper `trapdoor technology' -- great PR, for us.
These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and a broad range of SIGINT targets.
`narcotraffickers' -- doesn't sound as hysterically paranoid as `drug dealers'. Also, first time I've heard SIGINT and `espionage agents of foreign powers' mentioned `officially' relative to Clipper (although of course that intent was obvious). Just another effective death threat on Clipper, because it will have the absolute *least* effect in foreign countries.
A highly-emotional, spirited public debate is likely.
hehe, it's the NSA that is highly emotional. I'd say they're shuddering and crying. OK OK, low blow, sorry. [proliferation of strong cryptography]
This would increase the cost of performing the SIGINT mission or decrease the amount of intelligence, or both.
both. already.
Thus far, widespread availability has not led to widespread use.
hm, how could that be? It wouldn't have anything to do with draconian export regulations, would it? So, in short, we have greater confirmation of our worst fears: Clipper was not just designed to be domestic, the purveyors of Clipper were considering a *mandatory* scheme from the start, and national intelligence interests have been obscured intentionally. Also, we have many more obfuscations of who `directed' the Clipper approach -- it claims that the president did. This phrasing is very critical, understand, because the NSA has no authority to make such a proposal, and they must continue to assert that it was originated by the Executive branch for it to have any semblance of legitimacy. Note how they always evade mention of *which* president, it is just The President. (Or as Sternlight once told me, The Whitehouse.)
A highly-emotional, spirited public debate is likely.
Hm. This from a letter dated April 30, Clipper released April 16. Is this a `reaction' or an `anticipation'? This terminology overall closely mirrors the Clipper announcement. Blacked out sections presumably contain arguments on NSA capabilities relative to the new technology. Things like `the proliferation of strong cryptography is a very serious threat to the continued existence of the agency' and `a major current trend of diminuition and erosion in signal interception capabilities can be identified.' It seems to me that the next major threat will be something approximating a mandatory scheme using cloaked terminology (e.g. under the guise of `regulating the industry' and `protecting the consumer') as I wrote on sci.crypt. I think we really have to drive home the point that any mandatory scheme is fundamentally unconstitutional. This little epiphany apparently has not occured to anyone who matters in the development of Clipper policy yet. BTW what is the significance of two copies of the same letter here? p.s. special thanks to J. Gilmore for this critical information.
participants (2)
-
gnu -
L. Detweiler