How I Would Ban Strong Crypto in the U.S.

[Timothy C. May]

At 12:18 AM 7/15/96, Dave Banisar wrote:
>Its now up at http://www.epic.org/crypto/key_escrow/wh_cke_796.html
>

Thanks. I took an initial look, and it looks like the same old stuff.

The report speaks of an "emerging consensus" (for key escrow). I see just
the opposite, unless the report is speaking only of the U.S. intelligence
and law enforcement community and its foreign counterparts. Business has
made it clear (cf. the several recent reports) that it is opposed to the
Administration's plan, and that if a market for some form of key escrow
exists (as it certainly does, in specific contexts), that the market can
supply the solution.

And certainly the civil liberties groups and groups such as ourselves are
not part of this "emerging consensus." Ditto for the "average man in the
street," as evidenced by opinion polls (I recall 80% opposition reported by
one of the newsweeklies, but don't quote me), by anecdotal reports (e.g.,
Zimmermann's tale of his discussions), and by opposition to Clipper I,
Clipper II, and now Clipper III.

A bunch of Congressmen, including the axis supporting the Burns bill,
obviously are not part of this emerging consensus.

The National Research Council report made it clear that a distinguished
panel of cryptographers, computer scientists, and policy professionals did
not think key escrow is desirable.

And the hundreds of folks in attendance at recent SAFE and NRC travelling
roadshows were obviously not in support of key escrow.

Business, civil liberties groups, professional organizations, and most Net
people are opposed to the Administration's key ecrow proposals (such as
they are understood to be, in Clipper I/II/III).

So, who is in this "emerging consensus"?

Moving on to the wisdom of imposing a government solution to what either is
or is not a market need, there is great danger in deploying even a
nominally (at this time) "voluntary standard." This is a danger many of us
have felt for years to be the main danger of nominally (and ostensibly)
"voluntary" systems.

Imagine a voluntary system supported and funded by the government, using
its power to limit exports and to "jawbone" foreign governments. (No time
here to examine the obvious issues--cf. the archives for many explications
over the past several years.)

Once widely deployed, and perhaps mandatory in countries like France,
Singapore, Iraq, and the like, it would take very little more to simply
pass a law restricting the non-escrowed alternative in the U.S.

(Sure, such a law might be unconstitutional, for the reasons we so often
discuss. Sure, there are many circumventions possible. Sure. The point is
not to rehash these points again but to indicate why Cypherpunks and civil
libertarians should NOT support any plan, even a "voluntary" plan, that
puts such power to set standards in the hands of the government. Even a
"signed promise" is not enough, given the dangers of "flipping a switch.")

Is this a plausible scenario, though? Well, were I in the LEA/TLA
community, this is what my fallback plan would probably be. Realizing that
a full-frontal ban on strong crypto, or crypto without backdoors, would not
fly at this time (unless Oklahoma II happens, in which case all bets are
off), and realizing that the plans for Clippers I, II, and III have been
fizzling, I would push for a relatively harmless-sounding "voluntary key
escrow" plan.

I would push hard on Netscape, Microsoft, Novell, Sun, Apple, and the other
companies (but mainly on Netscape and MS, for obvious reasons) to bundle in
"trusted third parties" and all that GAK stuff. Bundle it in, make it easy
to use, make it easy to export, make it easy to spread in crypto-hostile
countries, and hope like hell that it undermines the push for PGP and
S/MIME.

I would work closely with Mossad, GCHQ, SDECE, Chobetsu, Savak, and all the
other secret policemen of the world to make sure that while America might
remain an "island of strong crypto" for a while at least, that the same
could not be said of other countries. That is, I would work to help them
limit crypto use in their own countries to GAK-only forms.

(Those pesky survivalists, militia members, and ACLU folks in America could
keep using their Bass-o-matic and PGP  tools, but most of the rest of the
world would be mostly limited to GAK and New World Order software.)

Then, in about 2002 or so, depending on how many more serious terrorist
incidents have occurred, I would drop the hammer on strong crypto. Maybe an
Executive Order, maybe a state of national emergency, maybe a liberal
interpretation of the commerce clause, maybe an Act of Congress....

Once a New World Order-approved GAK system is widely deployed, outlawing of
"rogue cryptography" in the U.S. is more manageable.

That's what I would do.

(But not being on that side of the ideological fence, I will instead fight
GAK as I always have. And I will not be fooled by talk of how "Americans
will always be free any form of cryptography." Not when those same reports
from the Administration, and the testimony of Louis Freeh, etc., is in the
same breath taling about the need to stop pornographers from encrypting
their files, and so forth. Do they think we're stupid?)

Don't be fooled.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."