We sent in an administrative appeal on June 17th, 1993, of various things that were withheld in the response to our FOIA request. The Office of the Secretary of Defense responded on December 21, 1993 -- six months later. (By law, agencies have twenty business days to respond to an administrative appeal. However, agencies regularly violate all FOIA time limits because the courts have largely refused to censure agencies for breaking the law, and have refused to force agencies to follow the law. I will point this out each time it happens, largely to educate you -- the general public -- about how pervasive a problem this is.) We did an administrative appeal of the parts they withheld and other documents they did not provide. The result is that one more doc came out (a cover sheet for a review copy of the President's actual directive, which is still classified and has been referred back to the National Security Council for processing), and the previously withheld paragraph of the last two memos below is now only blacked out for a sentence or two. The newly released text is highlighted with XXXX's and explanation. John Gilmore  [This page originally XXXXXXXXXXXXXXX TOP SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON, DC 20301-3040 COMMAND CONTROL COMMUNICATIONS AND INTELLIGENCE MEMORANDUM FOR MS. JOANN H. GRUBE, NSA REPRESENTATIVE/NSC PRD-27 EXPORT CONTROL WORKING GROUP SUBJECT: Comments on PRD-27/NSA Draft (U) (U) Following are comments concerning your proposed memorandum to Jim Lewis, Department of State: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXX blacked out via FOIA (b)(1) exemption. XXXXXXXXXXXXXXXXXXX (U) The assertions in this draft are merely unsupported statements. Recommend that the memorandum provide more empirical evidence to back up its assertions, and that the above comments be reflected in its contents. (signed) Daniel J. Ryan Director, Information Systems Security CLASSIFIED BY: OASD(C3I)/DIR, ISS DECLASSIFY ON: OADR  [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE 30 APR 1993 (stamped) MEMORANDUM FOR THE ACTING ASSISTANT SECRETARY OF DEFENSE (C3I) Subject: PRD/NSC-27 Advanced Telecommunications and Encryption (U) (U) Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) In its simplest construct, this complex set of issues places the public's right to privacy in opposition to the public's desire for safety. The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts and consequently prosper. They propose that cryptography be made available and required which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to achieve. (U) Opponents of the proposal argue that the public has a right to and an expectation of privacy, that a trapdoor system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that people who are deliberately breaking much more serious laws would not hesitate to use cryptography that does not have a trapdoor, and that secure cryptography will inevitably be supplied by offshore companies. Thus, freedom will be lost and many tax dollars spent to no effect. (U) This situation is complicated by the existence of other interests. For example, there currently exist strict controls on the export of cryptography. The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. In support of their argument, they note that powerful public-key cryptography developed and patented by RSA using U.S. tax dollars is free to developers in Europe, subject to royalties in the United States, and cannot be exported without expensive and time-late export licenses. These charges are true. (U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. Actually, it is too late. The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM and a telephone. In one recent experiment it took three minutes and fourteen seconds to locate a source-code version of DES on the INTERNET. Widespread availability of DES and RSA will enable offshore developers to provide high-quality encipherment for voice and data communications in competition with U.S. industry's products. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX The entire paragraph that follows was originally withheld as XX XXXX classified information. We appealed the withholding, and XXXXX XXXX most of the paragraph was released, with only one or two XXXXXX XXXX sentences withheld at the bottom. XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [(S) crossed out, replaced by] (U) Trapdoor encryption technology is not essential to the debate (a system that required the escrow of keys by users of cryptographic technologies could be established even if the trapdoor chips did not exist), proposed use of trapdoor technology does raise a further complication: neither the academic community nor private industry is comfortable with encryption algorithms that are kept secret, as will be the case with the trapdoor chip. It has been suggested that an independent panel of cryptography experts will be invited to evaluate the algorithm. This will undoubtedly fail to reassure the community at large that there are no unrecognized vulneratilities, since the panel will be perceived as captive and tainted. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX One or two sentences blacked out via FOIA exemption (b)(1) XXXX (U) Despite these concerns, the President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip, and at least AT&T has been reported willing to do so (having been suitably incentivised by promises of Government purchases). The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. (U) The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned. (U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is needed to ascertain the wishes of U.S. citizens with regard to their privacy, and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security. (signed) Ray Pollari Acting DASD (CI & SCM)  [This page originally SECRET; now UNCLASSIFIED] ASSISTANT SECRETARY OF DEFENSE WASHINGTON DC 20301-3040 May 3, 1993 COMMAND, CONTROL, COMMUNICATIONS AND INTELLIGENCE EXECUTIVE SUMMARY MEMORANDUM FOR DEPUTY SECRETARY OF DEFENSE FROM: CHARLES A. HAWKINS, JR., ACTING ASD(C3I) (initialed C. Hxxx) SUBJECT: Advanced Telecommunications and Encryption (U) PURPOSE: INFORMATION DISCUSSION: (U) In response to DEPSECDEF's tasking of 21 Apr 93 (TAB A) this information is provided. Advances in telecommunications have created the opportunity for public use of encryption to ensure the privacy and integrity of business and personal communications. These same advances threaten the capabilities of law enforcement and national security operations that intercept the communications of narcotraffickers, organized criminals, terrorists, espionage agents of foreign powers and a broad range of SIGINT targets. Diverse interests are in diametric opposition with regard to industry's right to sell and the public's right to use such capabilities. A highly-emotional, spirited public debate is likely. (U) The law enforcement and national security communities argue that if the public's right to privacy prevails and free use of cryptography is allowed, criminals and spies will avoid wiretaps and other intercepts. They propose that cryptography be made available to the public which contains a "trapdoor" that would allow law enforcement and national security officials, under proper supervision, to decrypt enciphered communications. Such cryptography exists, and while there are many practical problems to be solved, this proposal is technically possible to implement. (U) Opponents of the proposal argue that the public has a right to and expectation of privacy, that such a system would be prone to misuse and abuse, and that the proposed solution would not work in any practical sense. They assert that criminals and spies will not hesitate to use secure cryptography supplied by offshore companies. Thus, the loss of privacy would outweigh any advantages to law enforcement or national security. (U) The computer industry points out that it has one of the few remaining positive trade balances and that it is vital that the dominance of the American computer industry in world markets be preserved. The industry fears that this will be lost if offshore developers incorporate high-quality cryptography into their products while U.S. industry either cannot do so or suffers higher costs or delays due to requirements for export licenses because of strict controls of export of cryptography. The industry argues persuasively that overseas markets (much less drug lords or spies) will not look with favor on U.S. products which have known trapdoors when offshore products which do not have them are available. CLASSIFIED BY: DASD(CI&SCM) DECLASSIFY ON: OADR  [This page originally XXXXXXXX SECRET; now UNCLASSIFIED] (U) The national security community is especially interested in preventing the spread of high-quality encipherment routines overseas, and argues that more extensive use here at home will inevitably result in such a proliferation. This would increase the cost of performing the SIGINT mission or decrease the amount of intelligence, or both. The Data Encryption Standard (DES) is already widely available throughout the world in both hardware and software forms, and DES software can be downloaded anywhere in the world from public bulletin boards by anyone with a PC, a MODEM, and a telephone. Thus far, widespread availability has not led to widespread use. However, widespread availability of DES and RSA will make it possible for offshore developers to provide high- quality encipherment for voice and data communications in competition with U.S. industry's products. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX The entire paragraph that follows was originally withheld as XX XXXX classified information. We appealed the withholding, and XXXXX XXXX most of the paragraph was released, with only one or two XXXXXX XXXX sentences withheld at the bottom. XXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [(S) crossed out, replaced by] (U) Trapdoor encryption technology is not essential to the debate since a system that required the escrow of keys by users of cryptographic technologies could be established even if the trapdoor chips did not exist. Proposed use of trapdoor technology does raise a further complication: neither the academic community nor private industry is comfortable with encryption algorithms that are kept secret, as will be the case with the trapdoor chip. It has been suggested that an independent panel of cryptography experts will be invited to evaluate the algorithm. This will not reassure the community at large that there are no unrecognized vulneratilities, since the panel will be perceived as captive and tainted. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXX One or two sentences blacked out via FOIA exemption (b)(1) XXXX (U) The President has directed that the Attorney General request that manufacturers of communications hardware use the trapdoor chip. The Attorney General has also been directed to create a system for escrow of key material. The Secretary of Commerce has been directed to produce standards based on the use of the trapdoor chip. The President has also directed that the fact that law enforcement officials will have access to the keys will not be concealed from the public. National security officials are not mentioned. (U) The new administration is committed to the development of an information superhighway and a National Information Infrastructure in support of the economy. This worthy goal is independent of arguments as to whether or not law enforcement and national security officials will be able to read at will traffic passing along the information superhighway. A full-scale public debate is beginning which will ascertain the wishes of U.S. citizens with regard to their privacy and the impact on public safety of preserving privacy at the expense of wiretapping and communications intercept capabilities of law enforcement and national security personnel. It is not clear what the public will decide. In the meantime, DoD has trapdoor technology and the Government is proceeding with development of the processes needed to apply that technology in order to maintain the capability to perform licit intercept of communications in support of law enforcement and national security. Prepared by: Dan Ryan/ODASD(CI & SCM)/x 41779/28 Apr 93/OSD -- John Gilmore gnu@toad.com -- gnu@cygnus.com -- gnu@eff.org ``This committee has not tried to determine whether the National Security Agency tendency to advance exaggerated claims of authority ... stems from conscious policy or the actions of individual NSA employees.'' The Government's Classification of Private Ideas, House Report 96-1540, p. 67