*****************************
A Plain Text on Crypto Policy
*****************************
For the October, 1993 Electronic Frontier column
in Communications of the ACM
by
John Perry Barlow

The field of cryptography, for centuries accustomed to hermetic isolation
within a culture as obscure as its own puzzles, is going public. People who
thought algorithms were maybe something you needed to dig rap music are
suddenly taking an active interest in the black arts of crypto.

We have the FBI and NSA to thank for this. The FBI was first to arouse
public concerns about the future of digital privacy with its injection of
language year before last into a major Senate anti-crime bill (SB 266)
which would have registered the congressional intent that all providers of
digitized communications should provide law enforcement with analog access
to voice and data transmissions of their subscribers. 

When this was quietly yanked in committee, they returned with a proposed
bill called Digital Telephony. If passed, it would have essentially called
a halt to most American progress in telecommunications until they could be
assured of their continued ability to wiretap. Strange but true.

They were never able to find anyone in Congress technologically backward
enough to introduce this oddity for them, but they did elevate public
awareness of the issues considerably.  

The National Security Agency, for all its (unknown but huge) budget, staff,
and MIPS, has about as much real world political experience as the Order of
Trappists and has demonstrated in its management of cryptology export
policies the maddening counter-productivity that is the usual companion of
inexperience. 

The joint bunglings of these two agencies were starting to infuriate a lot
of people and institutions who are rarely troubled by Large Governmental
Foolishness in the Service of Paranoia. Along with all the usual paranoids,
of course. 

Then from the NSA's caverns in Fort Meade, Maryland there slouched a chip
called Clipper. 

For those of you who just tuned in (or who tuned out early), the Clipper
Chip...now called Skipjack owing to a trademark conflict...is a hardware
encryption device that NSA designed under Reagan-Bush. In April it was
unveiled by the Clinton Administration and proposed for both governmental
and public use. Installed in phones or other telecommunications tools, it
would turn any conversation into gibberish for all but the speaker and his
intended listener, using a secret military algorithm. 

Clipper/Skipjack is unique, and controversial, in that it also allows the
agents of government to listen under certain circumstances. Each chip
contains a key that is split into two parts immediately following
manufacture. Each half is then placed in the custody of some trusted
institution or "escrow agent." 

If, at some subsequent time, some government agency desires to legally
listen in on the owner of the communications device in which the chip has
been placed, it would present evidence of "lawful authority" to the escrow
holders. They will reveal the key pairs, the agency will join them, and
begin listening to the subject's unencrypted conversations.  

(Apparently there are other agencies besides law enforcement who can
legally listen to electronic communications.  The government has evaded
questions about exactly who will have access to these keys, or for that
matter, what, besides a judicial warrant, constitutes the "lawful
authority" to which they continually refer.)  
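
A sketch of the two-agent key split described above, added here as an illustration; it is not taken from the column or from any government specification. It assumes the two halves are combined by XOR and a 10-byte key, and the names (EscrowAgent, manufacture, recover_unit_key, the serial numbers and order references) are hypothetical.

```python
import secrets

KEY_BYTES = 10  # assumed key length for this sketch; the column gives none


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(unit_key: bytes) -> tuple[bytes, bytes]:
    """Split a key into two shares; XOR of the shares gives the key back.

    The first share is uniformly random, so the second is too: either
    share on its own is statistically independent of the key.
    """
    share_a = secrets.token_bytes(len(unit_key))
    return share_a, xor(unit_key, share_a)


def join_shares(share_a: bytes, share_b: bytes) -> bytes:
    return xor(share_a, share_b)


def complementary_share(known_share: bytes, candidate_key: bytes) -> bytes:
    """Return the missing share that would make candidate_key the real key.

    One exists for every candidate, which is why a single compromised
    depository cannot narrow down the key at all.
    """
    return xor(known_share, candidate_key)


class EscrowAgent:
    """Hypothetical depository holding one share per chip serial number."""

    def __init__(self, name: str):
        self.name = name
        self._shares: dict[str, bytes] = {}
        self.release_log: list[tuple[str, str]] = []  # (serial, authorization)

    def deposit(self, serial: str, share: bytes) -> None:
        self._shares[serial] = share

    def release(self, serial: str, authorization: str) -> bytes:
        # Stand-in for the "lawful authority" check, which the column notes
        # was never defined; any non-empty reference passes and is logged.
        if not authorization:
            raise PermissionError(f"{self.name}: no authorization presented")
        self.release_log.append((serial, authorization))
        return self._shares[serial]


def manufacture(serial: str, agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """Generate a chip's key and deposit one share with each agent."""
    unit_key = secrets.token_bytes(KEY_BYTES)
    share_a, share_b = split_key(unit_key)
    agent_a.deposit(serial, share_a)
    agent_b.deposit(serial, share_b)
    return unit_key  # in the scheme described, this stays inside the chip


def recover_unit_key(serial: str, authorization: str,
                     agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """What the requesting agency does: obtain both shares and join them."""
    share_a = agent_a.release(serial, authorization)
    share_b = agent_b.release(serial, authorization)
    return join_shares(share_a, share_b)


if __name__ == "__main__":
    a, b = EscrowAgent("Agent A"), EscrowAgent("Agent B")
    serial = "SN-CONSTRUCTED-0001"  # constructed sample value
    key = manufacture(serial, a, b)
    recovered = recover_unit_key(serial, "constructed-order-1", a, b)
    print("both shares recover the key:", recovered == key)
    # One leaked share is consistent with any key an attacker might guess.
    leaked = a.release(serial, "constructed-order-2")
    guess = bytes(KEY_BYTES)
    print("one share fits an arbitrary guess:",
          join_shares(leaked, complementary_share(leaked, guess)) == guess)
```

The security of every deposited key therefore rests on the two depositories never being compromised together, and on whatever the release check actually requires.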

Clipper/Skipjack was not well received. The blizzard of anguished ASCII it
summoned forth on the Net has been so endlessly voluble and so painstaking
in its "How-many-Cray-Years-can-dance-on-the-head-of-a-Clipper-Chip"
technical detail that I would guess all but the real cypherpunks are by now
data-shocked into listlessness and confusion. 

Indeed, I suspect that even many readers of this publication...a group with
prodigious capacity for assimilating the arid and obscure...are starting to
long for the days when their knowledge of cryptography and the public
policies surrounding it was limited enough to be coherent. 

So I almost hesitate to bring the subject up. Yet somewhere amid this
racket, decisions are being made that will profoundly affect your future
ability to communicate without fear. Those who would sacrifice your liberty
for their illusions of public safety are being afforded some refuge by the
very din of opposition. 

In the hope of restoring both light and heat to the debate, I'm going to
summarize previous episodes, state a few conclusions I've drawn about the
current techno-political terrain, and recommend positions you might

When I first heard about Clipper/Skipjack, I thought it might not be such a
bad idea. This false conclusion was partly due to the reality distorting
character of the location...I was about fifty feet away from the Oval
Office at the time...but it also seemed like one plausible approach to what
may be the bright future of crime in the Virtual Age. 

I mean, I can see what the Guardian Class is worried about. The greater
part of business is already being transacted in Cyberspace. Most of the
money is there. At the moment, however, most of the monetary bits in there
are being accounted for. Accounting is digital, but cash is not. 

It is imaginable that, with the widespread use of digital cash and
encrypted monetary exchange on the Global Net, economies the size of
America's could appear as nothing but oceans of alphabet soup. Money
laundering would no longer be necessary. The payment of taxes might 
become more or less voluntary. A lot of weird things would happen after 
that...

I'm pretty comfortable with chaos, but this is not a future I greet without
reservation. 

So, while I'm not entirely persuaded that we need to give up our future
privacy to protect ourselves from drug dealers, terrorists, child
molesters, and un-named military opponents (the Four Horsemen of Fear
customarily invoked by our protectors), I can imagine bogeymen whose
traffic I'd want visible to authority. 

Trouble is, the more one learns about Clipper/Skipjack, the less persuaded
he is that it would do much to bring many actual Bad Guys under scrutiny. 

As proposed, it would be a voluntary standard, spread mainly by the market
forces that would arise after the government bought a few tons of these
chips for their own "sensitive but unclassified" communications systems. No
one would be driven to use it by anything but convenience. In fact, no one
with any brains would use it if he were trying to get away with anything. 

In fact, the man who claims to have designed Clipper's basic specs, Acting
NIST Director Ray Kammer, recently said, "It's obvious that anyone who
uses Clipper for the conduct of organized crime is dumb." No kidding. At
least so long as it's voluntary. 

Under sober review, there mounted an incredibly long list of reasons to
think Clipper/Skipjack might not be a fully-baked idea. In May, after a
month of study, the Digital Privacy and Security Working Group, a coalition
of some 40 companies and organizations chaired by the Electronic Frontier
Foundation (EFF), sent the White House 118 extremely tough questions
regarding Clipper, any five of which should have been sufficient to put the
kibosh on it.  

The members of this group were not a bunch of hysterics. It includes DEC,
Hewlett-Packard, IBM, Sun, MCI, Microsoft, Apple, and AT&T (which was 
also, interestingly enough, the first company to commit to putting
Clipper/Skipjack in its own products). 

Among the more troubling of their questions: 

o       Who would the escrow agents be?

o       What are Clipper's likely economic impacts, especially in regard to
export of American digital products? 

o       Why is its encryption algorithm secret and why should the public
have confidence in a government-derived algorithm that can't be privately
tested? 

o       Why is Clipper/Skipjack being ram-rodded into adoption as a
government standard before completion of an over-all review of U.S.
policies on cryptography? 

o       Why are the NSA, FBI, and NIST stone-walling Freedom of Information
inquiries about Clipper/Skipjack? (In fact, NSA's response has been,
essentially, "So? Sue us.")

o       Assuming Clipper/Skipjack becomes a standard, what happens if the
escrow depositories are compromised? 

o       Wouldn't these depositories also become targets of opportunity for
any criminal or terrorist organization that wanted to disrupt U.S. law
enforcement? 

o       Since the chip transmits its serial number at the beginning of each
connection, why wouldn't it render its owner's activities highly visible
through traffic analysis (for which government needs no warrant)?

o       Why would a foreign customer buy a device that exposed his
conversations to examination by the government of the United States? 

o       Does the deployment and use of the chip possibly violate the 1st,
4th, and 5th Amendments to the U.S. Constitution? 

o       In its discussions of Clipper/Skipjack, the government often uses
the phrase "lawfully authorized electronic surveillance." What, exactly, do
they mean by this?

o       Is it appropriate to insert classified technology into either the
public communications network or into the general suite of public
technology standards?

And so on and so forth. As I say, it was a very long list.  On July 29,
John D. Podesta, Assistant to the President and White House Staff Secretary
(and, interestingly enough, a former legal consultant to EFF and Co-Chair
of the Digital Privacy Working Group), responded to these questions. He
actually answered few of them. 

Still un-named, undescribed, and increasingly unimaginable were the escrow
agents. Questions about the inviolability of the depositories were met with
something like, "Don't worry, they'll be secure. Trust us."

There seemed a lot of that in Podesta's responses. While the government had
convened a panel of learned cryptologists to examine the classified
Skipjack algorithm, it had failed to inspire much confidence among the
crypto establishment, most of whom were still disinclined to trust anything
they couldn't whack at themselves. At the least, most people felt a proper
examination would take longer than the month or so the panel got. After
all, it took fifteen years to find a hairline fissure in DES.

But neither Podesta nor any other official explained why it had seemed
necessary to use a classified military algorithm for civilian purposes. Nor
were the potential economic impacts addressed. Nor were the concerns about
traffic analysis laid to rest. 

But as Thomas Pynchon once wrote, "If they can get you asking the wrong
questions, they don't have to worry about the answers." Neither asked nor
answered in all of this was the one question that kept coming back to me:
Was this trip really necessary? 

For all the debate over the details, few on either side seemed to be
approaching the matter from first principles. Were the enshrined
threats...drug dealers, terrorists, child molesters, and foreign
enemies...sufficiently and presently imperiling to justify fundamentally
compromising all future transmitted privacy? 

I mean...speaking personally now...it seems to me that America's greatest
health risks derive from the drugs that are legal, a position the
statistics overwhelmingly support. And then there's terrorism, to which we
lost a total of two Americans in 1992 and, even with the World Trade Center
bombing, only 6 in 1993. I honestly can't imagine an organized ring of
child molesters, but I suppose one or two might be out there. And the last
time we got into a shooting match with another nation, we beat them by a
kill ratio of about 2300 to 1. 

Even if these are real threats, was enhanced wire-tap the best way to
combat them? Apparently, it hasn't been in the past. Over the last ten
years the average total nation-wide number of admissible state and federal
wire-taps has numbered less than 800. Wire-tap is not at present a major
enforcement tool, and is far less efficient than the informants, witnesses,
physical evidence, and good old fashioned detective work they usually rely
on. 

(It's worth noting that the World Trade Center bombing case unraveled, not
through wire-taps, but with the discovery of the axle serial number on the
van which held the explosives.)

Despite all these questions, both unasked and unanswered, Clipper continues
(at the time of this writing) to sail briskly toward standardhood, the full
wind of government bearing her along. 

On July 30, NIST issued a request for public comments on its proposal to
establish Clipper/Skipjack as a Federal Information Processing Standard
(FIPS).  All comments are due by September 28, and the government seems
unwilling to delay the process despite the lack of an overall guiding
policy on crypto. Worse, they are putting a hard sell on Clipper/Skipjack
without a clue as to who might be escrow holders upon whose political
acceptability the entire scheme hinges.

Nor have they addressed the central question: why would a criminal use a
key escrow device unless he were either very stupid...in which case he'd be
easily caught anyway...or simply had no choice. 

All this leads me to an uncharacteristically paranoid conclusion:  

The Government May Mandate Key Escrow Encryption and Outlaw Other 
Forms. 

It is increasingly hard for me to imagine any other purpose for the
Clipper/Skipjack operetta if not to prepare the way for the restriction of
all private cryptographic uses to a key escrow system. If I were going to
move the American people into a condition where they might accept
restrictions on their encryption, I would first engineer the wide-spread
deployment of a key escrow system on a voluntary basis, wait for some
blind sheik to slip a bomb plot around it and then say, "Sorry, folks, this
ain't enough, it's got to be universal."

Otherwise, why bother? Even its most ardent proponents admit that no
intelligent criminal would trust his communications to a key escrow device.
On the other hand, if nearly all encrypted traffic were Skipjack-flavored,
any transmission encoded by some other algorithm would stick out like a
licorice Dot. 

In fact, the assumption that Cyberspace will roar one day with Skipjack
babble lies behind the stated reason for the secrecy for the algorithm. In
their Interim Report, the Skipjack review panel puts it this way:

Disclosure of the algorithm would permit the construction of devices that
fail to properly implement the LEAF [or Law Enforcement Access Field],
while still interoperating with legitimate SKIPJACK devices.  Such devices
would provide high quality cryptographic security without preserving the
law enforcement access capability that distinguishes this cryptographic
initiative. 

In other words, they don't want devices or software out there that might
use the Skipjack algorithm without depositing a key with the escrow
holders. (By the way, this claim is open to question. Publishing Skipjack
would not necessarily endow anyone with the ability to build an
interoperable chip.)

Then there was the conversation I had with a highly-placed official of the
National Security Council in which he mused that the French had, after all,
outlawed the private use of cryptography, so it weren't as though it
couldn't be done. (He didn't suggest that we should also emulate France's
policy of conducting espionage on other countries' industries, though
wide-spread international use of Clipper/Skipjack would certainly enhance
our ability to do so.)

Be that as it may, France doesn't have a Bill of Rights to violate, which
it seems to me that restriction of cryptography in America would do on
several counts. 

Mandated encryption standards would fly against the First Amendment, 
which surely protects the manner of our speech as clearly as it protects the
content. Whole languages (most of them patois) have arisen on this planet
for the purpose of making the speaker unintelligible to authority. I know
of no instance where, even in the oppressive colonies where such languages
were formed, the slave-owners banned their use.

Furthermore, the encryption software itself is written expression, upon
which no ban may be constitutionally imposed. (What, you might ask then,
about the constitutionality of restrictions on algorithm export. I'd say
they're being allowed only because no one ever got around to testing from
that angle.) 

The First Amendment also protects freedom of association. On several
different occasions, most notably NAACP v. Alabama ex rel. Patterson and
Talley v. California, the courts have ruled that requiring the disclosure
of either an organization's membership or the identity of an individual
could lead to reprisals, thereby suppressing both association and speech. 
Certainly in a place like Cyberspace where everyone is so generally
"visible," no truly private "assembly" can take place without some
technical means of hiding the participants.

It also looks to me as if the forced imposition of a key escrow system
might violate the Fourth and Fifth Amendments. 

The Fourth Amendment prohibits secret searches. Even with a warrant, 
agents of the government must announce themselves before entering and 
may not seize property without informing the owner. Wire-taps inhabit a 
gray-ish area of the law in that they permit the secret "seizure" of an actual
conversation by those actively eavesdropping on it. The law does not permit
the subsequent secret seizure of a record of that conversation. Given the
nature of electronic communications, an encryption key opens not only the
phone line but the filing cabinet.

Finally, the Fifth Amendment protects individuals from being forced to
reveal self-incriminating evidence. While no court has ever ruled on the
matter vis a vis encryption keys, there seems something involuntarily
self-incriminating about being forced to give up your secrets in advance.
Which is, essentially, what mandatory key escrow would require you to do.

For all these protections, I keep thinking it would be nice to have a
constitution like the one just adopted by our largest possible enemy,
Russia. As I understand it, this document explicitly forbids governmental
restrictions on the use of cryptography.

For the moment, we have to take our comfort in the fact that our
government...or at least the parts of it that state their
intentions...avows both publicly and privately that it has no intention to
impose key escrow cryptography as a mandatory standard. It would be, to 
use Podesta's mild word, "imprudent." 

But it's not Podesta or anyone else in the current White House who worries
me. Despite their claims to the contrary, I'm not convinced they like
Clipper any better than I do. In fact, one of them...not Podesta...called
Clipper "our Bay of Pigs," referring to the ill-fated Cuban invasion cooked
up by the CIA under Eisenhower and executed (badly) by a reluctant 
Kennedy Administration. The comparison may not be invidious.

It's the people I can't see who worry me. These are the people who actually
developed Clipper/Skipjack and its classified algorithm, the people who,
through export controls, have kept American cryptography largely to
themselves, the people who are establishing in secret what the public can
or cannot employ to protect its own secrets. They are invisible and silent
to all the citizens they purportedly serve save those who sit on the
Congressional intelligence committees. 

In secret, they are making for us what may be the most important choice
that has ever faced American democracy, that is, whether our descendants
will lead their private lives with unprecedented mobility and safety from
coercion, or whether every move they make, geographic, economic, or
amorous, will be visible to anyone who possesses whatever may then
constitute "lawful authority." 


Who Are the Lawful Authorities?

Over a year ago, when I first fell down the rabbit hole into Cryptoland, I
wrote a Communications column called Decrypting the Puzzle Palace. In it, I
advanced what I then thought a slightly paranoid thesis, suggesting that
the NSA-guided embargoes on robust encryption software had been driven 
not by their stated justification (keeping good cryptography out of the
possession of foreign military adversaries) but rather restricting its use
by domestic civilians.

In the course of writing that piece, I spoke to a number of officials,
including former CIA Director Stansfield Turner and former NSA Director
Bobby Ray Inman, who assured me that using a military organization to
shape domestic policy would be "injudicious" (as Turner put it), but no
one could think of any law or regulation that might specifically prohibit
the NSA from serving the goals of the Department of Justice.

But since then I've learned a lot about the hazy Post-Reagan/Bush lines
between law enforcement and intelligence. They started redrawing the map 
of authority early in their administration with Executive Order 12333, issued
on December 4, 1981. (Federal Register #: 46 FR 59941)

This sweeping decree defines the duties and limitations of the various
intelligence organizations of the United States and contains the following
language:

1.4  The Intelligence Community.  The agencies within the Intelligence
Community shall...conduct intelligence activities necessary for the...
protection of the national security of the United States, including:  
...   
(c) Collection of information concerning, and the conduct of activities to
protect against, intelligence activities directed against the United
States, international terrorist and international narcotics activities, and
other hostile activities directed against the United States by foreign
powers, organizations, persons, and their agents;  (Italics Added)


Further, in Section 2.6, Assistance to Law Enforcement Authorities,
agencies within the Intelligence Community are 

authorized to...participate in law enforcement activities to investigate or
prevent clandestine intelligence activities by foreign powers, or
international terrorist or narcotics activities.

In other words, the intelligence community was specifically charged with
investigative responsibility for international criminal activities in the
areas of drugs and terrorism. 

Furthermore, within certain fairly loose guidelines, intelligence
organizations are "authorized to collect, retain or disseminate information
concerning United States persons" that may include "incidentally obtained
information that may indicate involvement in activities that may violate
federal, state, local or foreign laws."

Given that the NSA monitors a significant portion of all the electronic
communications between the United States and other countries, the
opportunities for "incidentally obtaining" information that might
incriminate Americans inside America are great. 

Furthermore, over the course of the Reagan/Bush administration, the job of
fighting the War on Some Drugs gradually spread to every element of the
Executive Branch.  

Even the Department of Energy is now involved. At an Intelligence
Community conference last winter I heard a proud speech from a DOE
official in which he talked about how some of the bomb-designing
supercomputers at Los Alamos had been turned to the peaceful purpose of
sifting through huge piles of openly available data...newspapers,
courthouse records, etc....in search of patterns that would expose drug
users and traffickers. They are selling their results to a variety of
"lawful authorities," ranging from the Southern Command of the U.S. Army
to the Panamanian Defense Forces to various County Sheriff's Departments.

"Fine," you might say, "Drug use is an epidemic that merits any cure." But I
would be surprised if there's anyone who will read this sentence who has
broken no laws whatever. And it's anybody's guess what evidence of other
unlawful activities might be "incidentally obtained" by such a wide net as
DOE is flinging. 

The central focus that drugs and terrorism have assumed within the
intelligence agencies was underscored for me by a recent tour of the
central operations room at the CIA. There, in the nerve center of American
intelligence, were desks for Asia, Europe, North America, Africa and
"Middle East/Terrorism," and "South America/Narcotics." These bogeymen 
are now the size of continents on the governmental map of peril. 

Given this perception of its duties, the NSA's strict opposition to the
export of strong cryptographic engines, hard or soft, starts to make more
sense. They are not, as I'd feared, so clue-impaired as to think their
embargoes are denying any other nation access to good cryptography.
(According to an internal Department of Defense analysis of crypto policy,
it recently took 3 minutes and 14 seconds to locate a source code version
of DES on the Internet.) 

Nor do they really believe these policies are enhancing national security
in the traditional, military sense of the word, where the U.S. is, in any
case, already absurdly over-matched to any national adversary, as was
proven during the Gulf War.  

It's the enemies they can't bomb who have them worried, and they are
certainly correct in thinking that the communications of drug traffickers
and whatever few terrorists as may actually exist are more open to their
perusal than would be the case in a world where even your grandmother's
phone conversations were encrypted. 

And Clipper or no Clipper, such a world would be closer at hand if
manufacturers hadn't known that any device that embodies good encryption
would not be fit for export. 

But with Clipper/Skipjack, there is a lot that the combined forces of
government will be able to do to monitor all aspects of your behavior
without getting a warrant. Between the monitoring capacities of the NSA,
the great data-sieves of the Department of Energy, and the fact that, in
use, each chip would continually broadcast the whereabouts of its owner,
the government would soon be able to isolate just about every perpetrator
among us. 

I assume you're neither a drug-user nor a terrorist, but are you ready for
this? Is your nose that clean? Can it be prudent to give the government
this kind of corrupting power? 

I don't think so, but this is what will happen if we continue to allow the
secret elements of government to shape domestic policy as though the only
American goals that mattered were stopping terrorism (which seems pretty
well stopped already) and winning the War on Some Drugs (which no 
amount of force will ever completely win). 

Unfortunately, we are not able to discuss priorities with the people who
are setting them, nor do they seem particularly amenable to any form of
authority. In a recent discussion with a White House official, I asked for
his help in getting the NSA to come out of its bunker and engage in direct
and open discussions about crypto embargoes, key escrow, the Skipjack
algorithm, and the other matters of public interest.

"I'll see what we can do," he said. 

"But you guys are the government," I protested. "Surely they'll do as you
tell them."

"I'll see what we can do," he repeated, offering little optimism.  

That was months ago. In the meantime, the NSA has not only remained 
utterly unforthcoming in public discussions of crypto policy, they have 
unlawfully refused to comply with any Freedom of Information Act requests 
for documents in this area. 

It is time for the public to reassert control over their own government. It
is time to demand that public policy be made in public by officials with
names, faces, and personal accountability.

When and if we are able to actually discuss crypto policy with the people
who are setting it, I have a list of objectives that I hope many of you
will share. They are as follows:

1.      There should be no law restricting any use of cryptography by private
citizens.

2.      There should be no restriction on the export of cryptographic
algorithms or any other instruments of cryptography.

3.      Secret agencies should not be allowed to drive public policies.

4.      The taxpayer's investment in encryption technology and related
mathematical research should be made available for public and scientific
use.

5.      The government should encourage the deployment of wide-spread
encryption.

6.      While key escrow systems may have purposes, none should be
implemented that places the keys in the hands of government. 
 
7.      Any encryption standard to be implemented by the government should be
developed in an open and public fashion and should not employ a secret
algorithm. 

And last, or perhaps, first...

8.      There should be no broadening of governmental access to private
communications and records unless there is a public consensus that the
risks to safety outweigh the risks to liberty and will be effectively
addressed by these means.    

If you support these principles, or even if you don't, I hope you will
participate in making this a public process. And there are a number of
actions you can take in that regard.

The National Institute of Standards and Technology (NIST) has issued a
request for public comments on its proposal to establish the "Skipjack"
key-escrow system as a Federal Information Processing Standard.  You've 
got until September 28 to tell them what you think of that. Comments on the
NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

If you belong to or work for an organization, you can encourage that
organization to join the Digital Privacy Working Group. To do so they
should contact EFF's Washington office at:

Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC    20001
202/347-5400
Fax 202/393-5509
eff@eff.org

I also encourage individuals interested in these issues to either join EFF,
Computer Professionals for Social Responsibility, or one of the related
local organizations which have sprung up around the country. For the
addresses of a group in your area, contact EFF. 


New York City, New York
Monday, September 6, 1993