Interactive Week exclusive - White House to launch "Clipper III"

[Timothy C. May]

Bottom Line:

In a way, I am hoping that "Clipper III" is proposed, as it will energize
us once again. Historically, the "Cypherpunks antibodies" have had their
most vigorous growth when faced with a government antigen.


At 8:09 PM GMT 5/18/96, Will Rodger wrote:
>The White House is about to answer recent attempts to liberalize encryption
>exports with a proposal of its own.
>
>Documents obtained by Interactive Week show the Ciinton Administration has
>been lobbying key Republican committee members to compromise on encryption
>through a policy that looks very much like previous commerical key escrow
>efforts.
...
>The URL for the complete article is:
>http://www.zdnet.com/intweek/daily/960518y.html
>
>Will Rodger
>Washington Bureau Chief
>Interactive Week

Many thanks to Will for passing this on the Cypherpunks list. Our
opposition to Clipper I and Clipper II was strong and, I expect, will
continue with CIII.

A question for Will Rodger: Is this "White Paper" ("The newest proposal is
contained in a 24-page White Paper, a draft of which hit Capitol Hill
earlier this week") related in any way to the one being prepared by Herb
Lin and a bunch of other folks? It was due out about this time, and the
topic seems similar.  A bunch of us gave input to Herb and his panel at the
CFP in '95...if this is the same White Paper, looks like we might just as
well have saved our breath.

I read the stuff at the URL, and at first blush it looks to say nothing
about _domestic_ (within the U.S. and Canada) encryption. I'll be anxious
to see what the White Paper says about domestic encryption.

(To be clear, there are currently _no_ laws whatsoever about the types of
crypto a citizen (or resident alien, or, for all intents and purposes,
anyone)  may use, nor about the key length, nor about any form of GAK, etc.
Even Clipper I did not actually mandate allowable forms of crypto, though
many of us thought that this was the desired end-state, down the road. So,
I am tentatively assuming that Clipper III, if passed, will not diretly
impinge on domestic encryption policy, about which the government currently
says nothing.)

However, as with other proposed crypto laws and "trial balloons," there are
several questions which arise:

1. Will there be pressures put on the browser companies (Netscape,
Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris,
Lotus, etc.) to produce a "world version" that meets export standards with
a single shrink-wrapped package?

(Recall that last fall some of the various companies stated as their goal
having a single package that could be shipped worldwide. Some of them
claimed having two versions, a domestic U.S. version and an international
version, was too onerous. I am skeptical of this, given that they have
multiple platforms to support, multiple operating systems, etc. But they
claim it is.)

2. Interoperability. How will U.S. users exchange messages with
international users? Will a U.S. user have to register with the Authorities
to get the proper credentials, protocols, etc.? Will the U.S.-sold versions
of Netscape or Explorer, for example, contain the international GAKed
versions for use with international users?

3. With products like PGP, there are already international users (lots of
them). Thus, no "export laws" are involved. So, will I be able to
communicate with them using my existing PGP methods?

(If not, then my right to use an encryption product is in fact being
limited, contrary to the putative wording of what Clipper III is supposed
to be. To make this clear, I'm _already_ communicating with PGP, so no
"export version" is needed.)

And if U.S. users can continue to interoperate with international users as
they are now doing, this puts the lie to claims about how key escrow will
be useful for law enforcement.

4. And of course there is always the issue of _superencryption_. How a
GAKked program can detect that superencryption is being used has never been
adequately explained (to my satisfaction at least). Entropy measures won't
do it, and forbidding any encryption of messages already containing "BEGIN
PGP" will clearly just be a klugey bandaid.

5. What about U.S.-based corporations with offshore offices? Is a company
supposed to replace its entire intranet corporate network with a GAKked
system if even a single user is outside the U.S.-Canada?

(I fear that this is indeed the proposal. The effect will then be to make
all corporations GAKked.)

6. What about U.S. persons travelling abroad?

7. What about packets zinging around the world? Lots of complications if
GAK is insisted upon. And lots of new avenues for "packet laundering."

8. The issue of why other countries would insist that their citizens GAK
their keys when U.S. citizens don't have to!!

("Yes, Herr Glomlutz, we are insisting that all Germans using Netscape 4.0
must deposit their keys mit der Key Authority. No, we are not requiring our
own citizens to do this." I don't think this will fly too well.)

I can't see how other countries will go along with this.

And what about the usual problem of "rogue nations" like Iraq, Iran, North
Korea, Israel, and Liberia?

9. Many other issues. (They never answered the similar questions raised the
last time, so I doubt they will this time.)


Clipper III, if it turns out to be another worthless proposal which is
laughed out of Washington, will be no real threat. If Clipper III actually
outlaws or places limits on domestic use of crypto (as I think it must,
else it can be too easily circumvented completely), then it will be a
rallying cry which will likely see our membership increase still further,
the anti-Washington rhetoric escalate, and likely some new developments in
the war.


In a way, I am hoping that "Clipper III" is proposed, as it will energize
us once again. Historically, the "Cypherpunks antibodies" have had their
most vigorous growth when faced with a government antigen.


--Tim May


Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."