The Puzzles of Privacy
Cryptography and the
Future of Liberty

Three Columns for
Communications of the ACM


by
John Perry Barlow
Electronic Frontier Foundation

ß

Wyoming, New York, San Francisco
1991~1993

Private Life in Cyberspace
For the June, 1991  Electronic Frontier column
in Communications of the ACM
by
John Perry Barlow


I have lived most of my life in a small Wyoming town, where there is little
of the privacy which both insulates and isolates suburbanites. Anyone in
Pinedale who is interested in me or my doings can get most of the
information he might seek in the Wrangler Cafe. Between them, any five
customers could probably produce all that was known locally about me,
including a quite a number of items which were well known but not true.

For most people who have never lived in these conditions, the idea that
one's private life might be public knowledge...and, worse, that one's
neighbors might fabricate tales about him when the truth would do...is a
terrifying thought. Whether they have anything to hide or not (and most
everyone harbors something he's not too proud of), they seem to assume that
others would certainly employ their private peccadillos against them. But
what makes the fishbowl of community tolerable is a general willingness of
small towns to forgive  in their own all that  should be forgiven. One is
protected from the malice of his fellows not by their lack of dangerous
information about him but by their disinclination to use it.

I found myself thinking a lot about this during a recent San Francisco
conference on Computers, Privacy, and Freedom. Like most of the attendees,
I had arrived there bearing the assumption that there was some necessary
connection between privacy and freedom and that among the challenges to
which computers may present to our future liberties was their ability to
store,  transfer, and duplicate the skeletons from our closets.

With support from the Electronic Frontier Foundation, Apple Computer, the
WELL, and a number of other organizations, the conference was put on by
Computer Professionals for Social Responsibility, a group which has done
much to secure to Americans the ownership of their private lives.Their Man
in Washington, Marc Rotenberg, hit the hot key which resulted in Lotus
getting 30,000 letters, phone calls, and e-mail messages protesting the
release of Lotus Marketplace: Households.

In case you haven't left your terminal in awhile, this was a product whose
CD-ROM's of addresses and demographic information would have ushered in
the era of Desktop Junkmail. Suddenly anyone with 600 bucks and a CD-ROM
drive could have been stuffing your mailbox with their urgent appeals.

Marketplace withered under the heat, and I didn't hear a soul mourn its
passage. Most people seemed happy to leave the massive marketing databases
in institutional hands, thinking perhaps that junkmail might be one
province where democracy was better left unspread.

I wasn't so sure. For example, it occurred to me that Lotus could make a
strong legal, if not commercial, case that Marketplace was a publication
protected by the First Amendment. It also seemed that a better approach to
the scourge of junkmail might be political action directed toward getting
the Postal Service to raise its rates on bulk mailing. (Or perhaps even
eliminating the Postal Service, which seems to have little function these
days beyond the delivery of instant landfills.) Finally, I wondered if we
weren't once again blaming the tool and not the workman, as though the
problem were information and not its misuse. I felt myself gravitating
toward the politically incorrect side of the issue, and so I kept quiet
about it.

At the Conference on Computers, Privacy, and Freedom, the no one was
keeping quiet. Speaker after speaker painted a picture of gathering
informational fascism in which Big Brother was entering our homes dressed
in the restrained Italian suit of the Marketroid. Our every commercial
quiver was being recorded, collated, and widely redistributed. One began to
imagine a Cyberspace smeared all over with his electronic fingerprints,
each of them gradually growing into a full-blown virtual image of himself
as Potential Customer. I could see an almost infinite parade of my digital
simulacra marching past an endless wall of billboards.

There was discussion of opting out of the databases, getting through modern
American life without ever giving out one's National Identity Number (as
the Social Security Number has indisputably become by default), endeavoring
to restrict one's existence to the physical world. The poor fellow from
Equifax mouthed smooth corporatisms about voluntary restraints on the
secondary use of information...such practices as selling the fact of one's
purchase from one catalog to fifteen other aspirants...but no one believed
him. Everyone seemed to realize that personal information was as much a
commodity as pork bellies, fuel oil, or crack and that the market would be
served.

They were right. In the week following the Conference, I got a solicitation
from CACI Marketing Systems which began: Now Available! Actual 1990 Census
Data. This despite Department of Commerce assurances that Census Data
would not be put to commercial use. Marketplace is dead. Long live
Marketplace.

When it came down to solutions, however, there seemed to be developing a
canonical approach which was all too familiar: let's write some laws. The
European Community's privacy standards, scheduled to be implemented by
the member nations in 1992, were praised. Similar legislation was proposed
for the United States.

Quite apart from the impracticality of entrusting to government another
tough problem (given its fairly undistinguished record in addressing the
environmental, social, or educational responsibilities it already
has), there is a good reason to avoid this strategy. Legally assuring the
privacy of one's personal data involves nothing less than endowing the
Federal Government with the right to restrict information.

It may be that there is a profound incompatibility between the
requirements of privacy (at least as achieved by this methods) and the
requirements of liberty. It doesn't take a paranoid to believe that
restrictions placed on one form of information will expand to include
others. Nor does it take a Libertarian to believe that the imposition of
contraband on a commodity probably won't eliminate its availability. I
submit, as Exhibit A, the War on Some Drugs.

I began to envision an even more dystopian future in which the data cops
patrolled Cyberspace in search of illicit personal info, finding other
items of legal interest along the way.  Meanwhile, institutions who could
afford the elevated price of illegal goods would continue to buy it from
thuggish Data Cartels in places like the Turks and Caicos Islands, as
sf-writer Bruce Sterling predicted in Islands in the Net.

I returned to Wyoming in a funk. My ghostly electronic selves increased
their number on my way home as I bought airline tickets, charged to my
credit cards, make long distance phone calls, and earned another speeding
ticket. The more I thought about it, the more I became convinced that
nothing short of a fugitive cash-based existence would prevent their
continued duplication. And even that would never exorcise them all. I was
permanently on record.

Back in Pinedale, where I am also on record, my head started to clear.
Barring government regulation of information, for which I have no
enthusiasm, it seemed inevitable that the Global Village would resemble a
real village at least in the sense of eliminating the hermetic sealing of
one's suburban privacy. Everyone would start to lead as public a life as I
do at home.

And in that lies at least a philosophical vector towards long-term social
solution. As I say, I am protected in Pinedale not by the restriction of
information but by a tolerant social contract which prohibits its use
against me. (Unless, of course, it's of such a damning nature that it ought
to be used against me.) What may be properly restricted by government is
not the tool but the work that is done with it. If we don't like junkmail,
we should make it too expensive to send. If we don't trust others not to
hang us by our errors, we must work to build a more tolerant society.

But this approach has a fundamental limit on its effectiveness. While it
may, over the long run, reduce the suffering of marketing targets, it does
little to protect one from the excesses of a more authoritarian
government than the one we have today. This Republic was born in the
anonymous broadsides of citizens who published them under Latinate
pseudonyms like Publius Civitatus. How would the oppressed citizens of the
electronic future protect the source of rebellion?

Furthermore, much of the tolerance which I experience in Pinedale has to do
with the fact that we experience one another here. We are not abstracted
into information, which, no matter how dense it becomes, is nothing to grow
a human being from. And it will be a long time before we exist in
Cyberspace as anything but information.

While I generally resist technical solutions to social problems, it seems
best approach to this digital dilemma is also machine-based: encryption. At
the CFP Conference, EFF co-founder John Gilmore called on the computer
industry to include in their products tools which would enhance the privacy
of their communications. These might include hardware-based public key
encryption schemes, though these are probably too narrow in scale to cover
the whole problem.

He also noted that it is possible to have an electronic identity which is
not directly connected to one's physical self. I agree with him that it is
not only possible but advisable. From the standpoint of credit assurance,
there is no difference between the information that John Perry Barlow
always pays his bills on time or that Account #345 8849 23433 (to whomever
that may belong) is equally punctilious.

There are, of course, a number of problems with encrypted identity, not the
least of which the development of a long-term credit record attached to
disembodied number. And keeping that number disembodied over the same long
term is not a trivial enterprise. Finally, there is the old political
question..."What are you trying to hide?"...in which the effort to conceal
is taken to be a statement of guilt. This might limit a willingness on the
part of information carriers to engage in the compliance necessary to make
this system work.

Of course, neither machine-based encryption systems nor encrypted
identities will become reality unless the computer, communications, and
information industries perceive there to be technically feasible methods of
providing these services and people willing to pay for them. ACM members
are well situated to provide both the technology and the initial market for
it.

And, as usual, we would be well-advised to keep of abreast of political
developments. As I write this, there are before congress a Couple of bills
which would render encryption meaningless. Senator Joseph Biden has
introduced Senate Bill 266 which declares:

It is the sense of Congress that providers of electronic communications
systems permit the government to obtain the plain text contents of voice,
data, and other communications when appropriately authorized by law.

It appears that the FBI's concern in requesting this language was the
difficulty of tapping multiplexed phone lines, but the bill nevertheless
says, "turn over your encryption keys." These words probably won't become
law, but even if they don't, it seems certain that we haven't seen the last
of them, inasmuch as similar language is also to be found in S. 618, The
Violent Crime Control Act of 1991. Both of these bills address a legitimate
law-enforcement concern: how to build a case when all the evidence is
encrypted, but as in other areas of information vs. action, they should
place their focus on the dirty deed and not the planning of it.

Another legislative vicinity to watch are efforts to amend the Electronic
Communications Privacy Act to address more adequately cellular and other
wireless technologies. This is especially relevant since, as Nicholas
Negroponte has predicted, information which has traditionally flowed
through cables, like telephone conversations, are taking to the air while
broadcast information is moving underground. Entirely different assumptions
prevail between broadcast and one-to-one communications which will now be
questioned legally and technically.

EFF believes that legal constraints on intercepting private wireless
communications will not be sufficient to address the problem. Cellular
manufacturers and service providers must be urged provide their customers
with the cheap encryption methods which are already available. At the same
time, they should be legally required to inform their customers of the easy
interception of non-encrypted communications.  Finally, in our zeal to
protect the privacy of cellular conversation, we should be careful not to
criminalize simple scanning of the airwaves, most of which has no specific
target or intent, lest we pass laws which inhibit access to information.

All in all, we are looking at some tough challenges, both technologically
and politically. Computer technology has created not just a new medium but
a new place. The society we erect there will probably be quite different
from the one we now inhabit, given the fact that this one depends heavily
on the physical property of things while the next one has no physical
properties at all. Certain qualities should survive the transfer, however,
and these include tolerance, respect for privacy of others, and a
willingness to treat one's fellows as something besides potential
customers.

But until we have developed the Social Contract of Cyberspace, we must
create, though encryption and related means, the virtual envelopes and
rooms within which we can continue to lead private lives as we enter this
new and very public place.
Pinedale, Wyoming
March 30, 1991

Decrypting the Puzzle Palace
For the June, 1992  Electronic Frontier column
in Communications of the ACM
by
John Perry Barlow


"A little sunlight is the best disinfectant."
	--Justice Louis Brandeis
	
Over a year ago, in a condition of giddier innocence than I enjoy today, I
wrote the following about the discovery of Cyberspace:

"Imagine discovering a continent so vast that it may have no other side.
Imagine a new world with more resources than all our future greed might
exhaust, more opportunities than there will ever be entrepreneurs enough to
exploit, and a peculiar kind of real estate which expands with
development."

One less felicitous feature of this terrain which I hadn't noticed then is
what seems to be a long-encamped and immense army of occupation.

This army represents interests which are difficult to define, guards the
area against unidentified enemies, meticulously observes almost every
activity undertaken there, and continuously prevents most who inhabit its
domain from drawing any blinds against such observation.

It marshals at least 40,000 troops, owns the most advanced computing
resources in the world, and uses funds the dispersal of which does not fall
under any democratic review.

Imagining this force won't require from you the inventive powers of a
William Gibson. The American Occupation Army of Cyberspace exists. Its name
is the National Security Agency.

It may be argued that this peculiar institution inhibits free trade, has
directly damaged American competitiveness, and poses a threat to liberty
anywhere people communicate with electrons. It's principal function, as my
EFF colleague John Gilmore puts it, is "wire-tapping the world," which it
is free to do without a warrant from any judge.

It is legally constrained from domestic surveillance, but precious few
people are in a good position to watch what, how, or whom the NSA watches.
And those who are tend to be temperamentally sympathetic to its objectives
and methods. They like power, and power understands the importance of
keeping it own secrets and learning everyone else's.

Whether it is meticulously ignoring every American byte or not, the NSA is
certainly pursuing policies which will render our domestic affairs
transparent to anyone who can afford big digital hardware. Such policies
could have profound consequences on our liberty and privacy.

More to point, the role of the NSA in the area of domestic privacy needs to
be assessed in the light of other recent federal initiatives which seem
directly aimed at permanently denying privacy to the inhabitants of
Cyberspace, whether foreign or American.

Finally it seems a highly opportune time, directly following our
disorienting victory in the Cold War, to ask if the threats from which the
NSA purportedly protects us from are as significant as the hazards its
activities present.

Like most Americans I'd never given much thought to the NSA until recently.
(Indeed its very existence was a secret for much of my life. Beltway types
used to joke that NSA stood for "No Such Agency.")

I vaguely knew that it was another of the 12 or so shadowy federal spook
houses which were erected shortly after the Iron Curtain with the purpose
of stopping its further advance. It derives entirely from a memorandum sent
by Harry Truman on October 24, 1952 to Secretary of State Dean Acheson and
Defense Secretary Robert Lovatt. This memo, the official secrecy of which
remained unpenetrated for almost 40 years, created the NSA, placed it under
the authority of the Secretary of Defense, and charged it with monitoring
and decoding any signal transmission relevant to the security of the United
States.

Even after I started noticing the NSA, my natural immunity to paranoia
combined with a general belief in the incompetence of all
bureaucracies...especially those whose inefficiencies are unmolested by
public scrutiny...to mute any sense of alarm. But this was before I began
to understand the subterranean battles raging over data encryption and the
NSA's role in them. Lately, I'm less sanguine.

As I mentioned in a previous column (Private Life in Cyberspace, August
1991), encryption may be the only reliable method for conveying privacy to
the inherently public domain of Cyberspace. I certainly trust it more than
privacy protection laws. Relying on government to protect your privacy is
like asking a peeping tom to install your window blinds.

In fact, we already have a strong-sounding federal law protecting our
electronic privacy, the Electronic Communications Privacy Act or ECPA. But
this law has not particular effective in those areas were electronic
eavesdropping is technically easy. This is especially true in the area of
cellular phone conversations, which, under the current analog transmission
standard, are easily accessible to anyone from the FBI to you.

The degree of law enforcement apprehension over secure cellular encryption
provides mute evidence of how seriously they've been taking ECPA. They are
moving on a variety of fronts to see that robust electronic privacy
protection systems don't become generally available to the public. Indeed,
the current administration may be so determined to achieve this end that
they may be willing to paralyze progress in America's most promising
technologies rather than yield on it.

Push is coming to shove in two areas of communications technology: digital
transmission of heretofore analog signals and the encryption of transmitted
data.

As the communications service providers move to packet switching, fiber
optic transmission lines, digital wireless, ISDN and other advanced
techniques, what have been discrete channels of continuous electrical
impulses, voices audible to anyone with alligator clips on the right wires,
are now becoming chaotic blasts of data packets, readily intelligible only
to the sender and receiver. This development effectively forecloses
traditional wire-tapping techniques, even as it provides new and different
opportunities for electronic surveillance.

It is in the latter area where the NSA knows its stuff. A fair percentage
of the digital signals dispatched on planet Earth must pass at some point
through the NSA's big sieve in Fort Meade, Maryland, 12 underground acres
of the heaviest hardware in the computing world. There, unless these
packets are also encrypted with a particularly knotty algorithm, sorting
them back back into their original continuity is not so difficult.

Last spring, alarmed at a future in which it would have to sort through an
endless fruit salad of encrypted bits, the FBI persuaded Senator Joseph
Biden to include language in Senate Bill 266 which would have directed
providers of electronic communications services and devices (such as
digital cellular phone systems or other multiplexed communications
channels) to implement only such encryption methods as would assure
governmental ability to extract from the data stream the plaintext of any
voice or data communications in which it took a legal interest. It was if
the government had responded to a technological leap in lock design by
requiring building contractors to supply it with skeleton keys to every
door in America.

The provision raised wide-spread concern in the computer community, which
was better equipped to understand its implications than the general public,
and in August of last year, the Electronic Frontier Foundation, in
cooperation with Computer Professionals for Social Responsibility and other
industry groups, successfully lobbied to have it removed from the bill.

Our celebration was restrained. I knew we knew we hadn't seen the last of
it. For one thing, the movement to digital communications does create some
serious obstacles to traditional wire-tapping procedures. I fully expected
that law enforcement would be back with new proposals, which I hoped might
be ones we could support. But what I didn't understand then, and am only
now beginning to appreciate, was the extent to which this issue had already
been engaged by the NSA in the obscure area of export controls over data
encryption algorithms.

Encryption algorithms, despite their purely defensive characteristics, have
been regarded by the government of this country as weapons of war for many
years. If they are to be employed for privacy (as opposed to
authentication) and they are any good at all, their export is licensed
under State Department's International Traffic in Arms Regulations or ITAR.


The encryption watchdog is the NSA. It has been enforcing a policy, neither
debated nor even admitted to, which holds that if a device or program
contains an encryption scheme which the NSA can't break fairly easily, it
will not be licensed for international sale.

Aside for marvelling at the silliness of trying to embargo algorithms, a
practice about as practicable as restricting the export of wind, I didn't
pay much attention to the implications of NSA encryption policies until
February of this year.  It was then that I learned about the deliberations
of an an obscure group of cellular industry representatives called the Ad
Hoc Authentication Task Force, TR45.3 and of the influence which the NSA
has apparently exercised over their findings.

In the stately fashion characteristic of standard-setting bodies, this
group has been working for several years on a standard for digital cellular
transmission, authentication, and privacy protection to be known by the
characteristically whimsical telco moniker IS-54B.

In February they met near Giants Stadium in East Rutherford, NJ. At that
meeting, they recommended, and agreed not to publish, an encryption scheme
for American-made digital cellular systems which many sophisticated
observers believe to be intentionally vulnerable. It was further thought by
many observers that this "dumbing down" had been done in direct cooperation
with the NSA.

Given the secret nature of the new algorithm, its actual merits were
difficult to assess. But many cryptologists believe there is enough in the
published portions of the standard to confirm that it isn't any good.

One cryptographic expert, one of two I spoke with who asked not to be
identified lest the NSA take reprisals against his company,  said:

"The voice privacy scheme , as opposed to the authentication scheme, is
pitifully easy to break. It involves the generation of two "voice privacy
masks" each 260 bits long. They are generated as a byproduct of the
authentication algorithm and remain fixed for the duration of a call. The
voice privacy masks are exclusive_ORed with each frame of data from the
vocoder at the transmitter. The receiver XORs the same mask with the
incoming data frame to recover the original plaintext. Anyone familiar with
the fundamentals of cryptanalysis can easily see how weak this scheme is."

And indeed, Whitfield Diffie, co-inventor of Public Key cryptography and
arguably the dean of this obscure field, told me this about the fixed
masks:

"Given that description of the encryption process, there is no need for the
opponents to know how the masks were generated. Routine cryptanalytic
operations will quickly determine the masks and remove them.''

Some on committee claimed that possible NSA refusal of export licensing had
no bearing on the algorithm they chose. But their decision not to publish
the entire method and expose it to cryptanalytical abuse (not to mention
ANSI certification) was accompanied by the following convoluted
justification:

"It is the belief of the majority of the Ad Hoc Group, based on our current
understanding of the export requirements, that a published algorithm would
facilitate the cracking of the algorithm to the extent that its fundamental
purpose is defeated or compromised." (Italics added.)

Now this is a weird paragraph any way you parse it, but its most singular
quality is the sudden, incongruous appearance of export requirements in a
paragraph otherwise devoted to algorithmic integrity. In fact, this
paragraph is itself code, the plaintext of which goes something like this:
"We're adopting this algorithm because, if we don't, the NSA will slam an
export embargo on all domestically manufactured digital cellular phones."

Obviously, the cellular phone systems manufacturers and providers are not
going to produce one model for overseas sale and another for domestic
production. Thus, a primary effect of NSA-driven efforts to deny some
unnamed foreign enemy secure cellular communications is on domestic
security. The wireless channels available to private Americans will be
cloaked in a mathematical veil so thin that, as one crypto-expert put it,
"Any county sheriff with the right PC-based black box will be able to
monitor your cellular conversations."

When I heard him say that, it suddenly became clear to me that, whether
consciously undertaken with that goal or not, the most important result of
the NSA's encryption embargoes has been the future convenience of domestic
law enforcement. Thanks to NSA export policies, they will be assured that,
as more Americans protect their privacy with encryption, it will be of a
sort easily penetrated by authority.

I find it increasingly hard to imagine this is not their real objective as
well. Surely, they must be aware of how ineffectual their efforts have been
in keeping good encryption out of inimical military possession. An
algorithm is somewhat less easily stopped at the border than, say, a
nuclear reactor. As William Neukom, head of Microsoft Legal puts it, "The
notion that you can control this technology is comical."

I became further persuaded that this was the case upon hearing, from a
couple of sources, that the Russians have been using the possibly
uncrackable (and American) RSA algorithm in their missile launch codes for
the last ten years and that, for as little as five bucks, one can get a
software package called Crypto II on the streets of Saint Petersburg which
includes both RSA and DES encryption systems.

Nevertheless, the NSA has been willing to cost American business a lot of
revenue rather than allow domestic products with strong encryption into the
global market.

While it's impossible to set a credible figure on what that loss might add
up to, it's high. Jim Bidzos, whose RSA Data Security licenses RSA, points
to one major Swiss bid in which a hundred million dollar contract for
financial computer terminals went to a European vendor after American
companies were prohibited by the NSA from exporting a truly secure network.

The list of export software containing intentionally broken encryption is
also long. Lotus Notes ships in two versions. Don't count on much
protection from the encryption in the export version. Both Microsoft and
Novell have been thwarted in their efforts to include RSA in their
international networking software, despite frequent publication of the
entire RSA algorithm in technical publications all over the world.

With hardware, the job has been easier. NSA levied against the inclusion of
a DES  chip in the AS/390 series IBM mainframes in late 1990 despite the
fact that, by this time, DES was in widespread use around the world,
including semi-official adoption by our official enemy, the USSR.

I now realize that Soviets have not been the NSA's main concern at any time
lately. Naively hoping that, with the collapse of the Evil Empire, the NSA
might be out of work, I then learned that, given their own vigorous crypto
systems and their long use of some embargoed products, the Russians could
not have been the threat from whom this forbidden knowledge was to be kept.
Who has the enemy been then? I started to ask around.

Cited again and again as the real object of the embargoes were Third-World
countries. terrorists and... criminals. Criminals, most generally
drug-flavored, kept coming up, and nobody seemed terribly concerned that
some of their operations might be located in areas supposedly off-limits to
NSA scrutiny.

Presumably the NSA is restricted from conducting American surveillance by
both the Foreign Intelligence Surveillance Act of 1978 (FISA) and a series
of presidential directives, beginning with one issued by President Ford
following Richard Nixon's bold  misuse of the NSA, in which he explicitly
directed the NSA to conduct widespread domestic surveillance of political
dissidents and drug users.

But whether or not FISA has actually limited the NSA's abilities to conduct
domestic surveillance seemed less relevant the more I thought about it. A
better question to ask was, "Who is best served by the NSA's encryption
export policies?" The answer is clear: domestic law enforcement. Was this
the result of some spook plot between NSA and, say, the Department of
Justice? Not necessarily.

Certainly in the case of the digital cellular standard, cultural congruity
between foreign intelligence, domestic law enforcement, and what somebody
referred to as "spook wannabes on the TR45.3 committee" might have a lot
more to do with the its eventual flavor than any actual whisperings along
the Potomac.

Unable to get anyone presently employed by the NSA to comment on this or
any other matter and with little opportunity to assess the NSA's
congeniality toward domestic law enforcement from the inside, I approached
a couple of old hands for a highly distilled sample of intelligence
culture.

I called Admirals Stansfield Turner and Bobby Ray Inman. Not only had their
Carter administration positions as, respectively, CIA and NSA Directors,
endowed them with considerable experience in such matters, both are
generally regarded to be somewhat more sensitive to the limits of
democratic power than their successors. None of whom seemed likely to
return my calls anyway.

My phone conversations with Turner and Inman were amiable enough, but they
didn't ease my gathering sense that the NSA takes an active interest in
areas which are supposedly beyond its authorized field of scrutiny.

Turner started out by saying he was in no position to confirm or deny any
suspicions about direct NSA-FBI cooperation on encryption, but he didn't
think I was being exactly irrational in raising the question. In fact, he
genially encouraged me to investigate the matter further.

He also said that while a sub rosa arrangement between the NSA and the
Department of Justice to compromise domestic encryption would be
"injudicious," he could think of no law, including FISA (which he helped
design), which would prevent it.

Most alarmingly, this gentleman who has written eloquently on the hazards
of surveillance in a democracy did not seem terribly concerned that our
digital shelters are being rendered permanently translucent by and to the
government.

He said, "A threat could develop...terrorism, narcotics, whatever...where
the public would be pleased that all electronic traffic was open to
decryption. You can't legislate something which forecloses the possibility
of meeting that kind of emergency."

Admiral Inman had even more enthusiasm for assertive governmental
supervision. Although he admitted no real knowledge of the events behind
the new cellular encryption standard, he wasn't the least disturbed to hear
that it might be flawed.

And, despite the fact that his responsibilities as NSA Director had been
restricted to foreign intelligence, he seemed a lot more comfortable
talking about threats on the home front.

"The Department of Justice," he began, "has a very legitimate worry. The
major weapon against white collar crime has been the court-ordered wiretap.
If the criminal elements go to using a high quality cipher, the principal
defense against narcotics traffic is gone." This didn't sound like a guy
who, were he still head of NSA, would rebuff FBI attempts to get a little
help from his agency.

He brushed off my concerns about the weakness of the cellular encryption
standard. "If all you're seeking is personal privacy, you can get that with
a very minimal amount of encipherment."

Well, I wondered, Privacy from whom?

And he seemed to regard real, virile encryption to be something rather like
a Saturday Night Special.  "My answer," he said, "would be legislation
which would make it a criminal offense to use encrypted communication to
conceal criminal activity."

Wouldn't that render all encrypted traffic automatically suspect? I asked.

"Well, he said, "you could have a registry of institutions which can
legally use ciphers. If you get somebody using one who isn't registered,
then you go after him."

You can have my encryption algorithm, I thought to myself, when you pry my
cold dead fingers from its private key.

It wasn't a big sample, but it was enough to gain a better appreciation of
the cultural climate of the intelligence community. And these guys are the
liberals. What legal efficiencies might their Republican successors be
willing to employ to protect the American Way?

Without the comfortably familiar presence of the Soviets to hate and fear,
we can expect to see a sharp increase in over-rated bogeymen and virtual
states of emergency. This is already well under way. I think we can expect
our drifting and confused hardliners to burn the Reichstag repeatedly until
they have managed to extract from our induced alarm the sort of government
which makes them feel safe.

This process has been under way for some time. One sees it in the war on
terrorism, against which pursuit "no liberty is absolute," as Admiral
Turner put it. This, despite the fact that, during last year for which I
have a solid figure, 1987, only 7 Americans succumbed to terrorism.

You can also see it clearly under way in the War on Some Drugs. The Fourth
Amendment to the Constitution has largely disappeared in this civil war.
And among the people I spoke with, it seemed a common canon that drugs (by
which one does not mean Jim Beam, Marlboros, Folger's, or Halcion) were a
sufficient evil to merit the government's holding any more keys it felt the
need for.

One individual close to the committee said that at least some of the
afore-mentioned "spook wannabes" on the committee  were "interested in weak
cellular encryption because they considered warrants not to be "practical"
when it came to pursuing drug dealers and other criminals using cellular
phones."

In a miscellaneously fearful America, where the people cry for shorter
chains and smaller cages, such privileges as secure personal communications
are increasingly regarded as expendable luxuries. As Whitfield Diffie put
it, "From the consistent way in which Americans seem to put security ahead
of freedom, I rather fear that most of them would prefer that all
electronic traffic was open to government decryption right now if they had
given it any thought."

In any event, while I found no proof of an NSA-FBI  conspiracy to gut the
American cellular phone encryption standard, it seemed clear to me that
none was needed. The same results can be delivered by a cultural
"auto-conspiracy" between like-minded hardliners and cellular companies who
will care about privacy only when their customers do.

You don't have to be a hand-wringing libertarian like me to worry about the
domestic consequences of the NSA's encryption embargoes. They are also, as
stated previously, bad for business, unless, of course, the business of
America is no longer business but, as sometimes seems the case these days,
crime control.

As Ron Rivest (the "R" in RSA) said to me, "We have the largest information
based economy in the world. We have have lots of reasons for wanting to
protect information, and weakening our encryption systems for the
convenience of law enforcement doesn't serve the national interest."

But by early March, it had become clear that this supposedly
business-oriented administration had made a clear choice to favor cops over
commerce even if the costs to the American economy were to become extremely
high.

A sense of White House seriousness in this regard could be taken from their
response to the first serious effort by Congress to bring the NSA to task
for its encryption embargoes. Rep. Mel Levine (D-Calif.) proposed an
amendment to the Export Administration Act to transfer mass market software
controls to the Commerce Department, which would relax the rules. The
administration responded by saying that they would veto the entire bill if
the Levine amendment remained attached to it.

Even though it appeared the NSA had little to fear from Congress, the
Levine amendment may have been part of what placed the agency in a
bargaining mood for the first time. They entered into discussions with the
Software Publishers Association who, acting primarily on behalf of
Microsoft and Lotus, got to them to agree "in principle" to a streamlined
process for export licensing of encryption which might provide for more
robust standards than have been allowed previously.

But the negotiations between the NSA and the SPA were being conducted
behind closed doors, with the NSA-imposed understanding that any agreement
they reached would be set forth only in a "confidential" letter to
Congress. As in the case of the digital cellular standard, this would
eliminate the public scrutiny by cryptography researchers which anneals
genuinely hardened encryption.

Furthermore, some cryptographers worried that the encryption key lengths to
which the SPA appeared willing to restrict its member publishers might be
too short to provide much defense against the sorts of brute-force
decryption assaults which advances in processor technology will yield in
the fairly near future. And brute force has always been the NSA's strong
suit.

Whether accurate or not, the impression engendered by the style of the
NSA-SPA negotiations was not one of unassailable confidence. The lack of it
will operate to the continued advantage of foreign manufacturers in an era
when more and more institutions are going to be concerned about the privacy
of their digital communications.

But the economic damage which the NSA-SPA agreement might cause would be
minor compared to what would result from a startling new federal
initiative, the Department of Justice's proposed legislation on digital
telephony. If you're wondering what happened to the snooping provisions
which were in Senate Bill 266, look no further. They're back. And they're
bigger and bolder than ever.

They are contained in a sweeping proposal which have been made by the
Justice Department to the Senate Commerce Committee for legislation which
would "require providers of  electronic communications services and private
branch exchanges to  ensure that the Government's ability to lawfully
intercept  communications is unimpeded by the introduction of advanced
digital  telecommunications technology or any other telecommunications
technology."

Amazingly enough, this really means what it says: before any advance in
telecommunications technology can be deployed, the service providers and
manufacturers must assure the cops that they can tap into it. In other
words, development in digital communications technology must come to a
screeching halt until Justice can be assured that it will be able to grab
and examine data packets with the same facility they have long enjoyed with
analog wire-tapping.

It gets worse. The initiative also provides that, if  requested by the
Attorney General, "any Commission proceeding concerning  regulations,
standards or registrations issued or to be issued under  authority of this
section shall be closed to the public." This essentially places the
Attorney General in a position to shut down any telecommunications advance
without benefit of public hearing.

When I first heard of the digital telephony proposal, I assumed it was a
kind of bargaining chip. I couldn't imagine it was serious. But it now
appears they are going to the mattresses on this one.

Taken together with NSA's continued assertion of its authority over
encryption, a pattern becomes clear. The government of the United States is
so determined to maintain law enforcement's traditional wire-tapping
abilities in the digital age that it is willing to fundamentally cripple
the American economy to do so. This may sound hyperbolic, but I believe it
is not.

The greatest technology advantage this country presently enjoys is in the
areas of software and telecommunications. Furthermore, thanks in large part
to the Internet, much of America is already wired for bytes, as significant
an economic edge in the Information Age as the existence of a railroad
system was for England one hundred fifty years ago.

If we continue to permit the NSA to cripple our software and further convey
to the Department of Justice the right to stop development the Net without
public input, we are sacrificing both our economic future and our
liberties. And all in the name of combatting terrorism and drugs.

This has now gone far enough. I have always been inclined to view the
American government as pretty benign as such creatures go. I am generally
the least paranoid person I know, but there is something scary about a
government which cares more about putting its nose in your business than it
does about keeping that  business healthy.

As I write this, a new ad hoc working group on digital privacy, coordinated
by the Electronic Frontier Foundation, is scrambling to meet the challenge.
The group includes representatives from organizations like AT&T, the
Regional Bells, IBM, Microsoft, the Electronic Mail Association and about
thirty other companies and public interest groups.

Under the direction of Jerry Berman, EFF's Washington office director, and
John Podesta, a capable lobbyist and privacy specialist who helped draft
the ECPA, this group intends to stop the provisions in digital telephony
proposal from entering the statute books.

We also intend to work with federal law enforcement officials to address
their legitimate concerns. We don't dispute their need to conduct some
electronic surveillance, but we believe this can be assured by more
restrained methods than they're proposing.

We are also preparing a thorough examination of the NSA's encryption export
policies and looking into the constitutional implications of those
policies. Rather than negotiating behind closed doors, as the SPA has been
attempting to do, America's digital industries have a strong self-interest
in banding together to bring the NSA's procedures and objectives into the
sunlight of public discussion.

Finally, we are hoping to open a dialog with the NSA. We need to develop a
better understanding of their perception of the world and its threats. Who
are they guarding us against and how does encryption fit into that
endeavor? Despite our opposition to their policies on encryption export, we
assume that NSA operations have some merit. But we would like to be able to
rationally balance the merits against the costs.

We strongly encourage any organization which might have a stake in the
future of digital communication to become involved. Letters expressing your
concern may be addressed to: Sen. Ernest Hollings, Chairman, Senate
Commerce Committee, U.S. Senate, Washington, DC and to Don Edwards,
Chairman, Subcommitee on Constitutional Rights, House Judiciary Committee.
(I would appreciate hearing those concerns myself. Feel free to copy me
with those letters at my physical address, c/o P.O. Box 1009, Pinedale, WY
82941 or in Cyberspace, barlow@eff.org.)

If your organization is interested in becoming part of the digital privacy
working group, please contact EFF's Washington office at: 666 Pennsylvania
Avenue SE, Suite 303, Washington, DC  20003, 202/544-9237, fax:
202/547-5481. EFFs also encourages individuasl interested in these issues
to join the organization. Contact us at: Electronic Frontier Foundation,
155 Second Street, Cambridge, MA  02141, 617/864-0665, eff-request@eff.org.

The legal right to express oneself is meaningless if there is no secure
medium through which that expression may travel. By the same token, the
right to hold certain unpopular opinions is forfeit unless one can discuss
those opinions with others of like mind without the government listening
in.

Even if you trust the current American government, as I am still largely
inclined to, there is a kind of corrupting power in the ability to create
public policy in secret while assuring that the public will have little
secrecy of its own.

In its secrecy and technological might, the NSA already occupies a very
powerful position. And conveying to the Department of Justice what amounts
to licensing authority for all communications technology would give it a
control of information distribution rarely asserted over English-speaking
people since Oliver Cromwell's Star Chamber Proceedings.

Are there threats, foreign or domestic, which are sufficiently grave to
merit the conveyance of such vast legal and technological might? And even
if the NSA and FBI may be trusted with such power today, will they always
be trustworthy? Will we be able to do anything about it if they aren't?

Senator Frank Church said of NSA technology in 1975 words which are more
urgent today:

"That capability at any time could be turned around on the American people
and no American would have any privacy left. There would be no place to
hide. If this government ever became a tyranny, the technological capacity
that the intelligence community has given the government could enable it to
impose total tyranny. There would be no way to fight back, because the most
careful effort to combine together in resistance to the government, no
matter how privately it was done, is within the reach of the government to
know. Such is the capacity of this technology."


San Francisco, California
Monday, May 4, 1992


A Plain Text on Crypto Policy
For the October, 1993  Electronic Frontier column
in Communications of the ACM
by
John Perry Barlow

The field of cryptography, for centuries accustomed to hermetic isolation
within a culture as obscure as its own puzzles, is going public. People who
thought algorithms were maybe something you needed to dig rap music are
suddenly taking an active interest in the black arts of crypto.

We have the FBI and NSA to thank for this. The FBI was first to arouse
public concerns about the future of digital privacy with its  injection of
language year before last into a major Senate anti-crime bill (SB 266)
which would have registered the congressional intent that all providers of
digitized communications should provide law enforcement with analog access
to voice and data transmissions of their subscribers.

When this was quietly yanked in committee, they returned with a proposed
bill called Digital Telephony. If passed, it would have essentially called
a halt to most American progress in telecommunications until they could be
assured of their continued ability to wiretap. Strange but true.

They were never able to find anyone in Congress technologically backward
enough to introduce this oddity for them, but they did elevate public
awareness of the issues considerably.

The National Security Agency, for all its (unknown but huge) budget, staff,
and MIPS, has about as much real world political experience as the Order of
Trappists and has demonstrated in its management of cryptology export
policies the maddening counter-productivity that is the usual companion of
inexperience.

The joint bunglings of these two agencies were starting to infuriate a lot
of people and institutions who are rarely troubled by Large Governmental
Foolishness in the Service of Paranoia. Along with all the usual paranoids,
of course.

Then from the NSA's caverns in Fort Meade, Maryland there slouched a chip
called Clipper.

For those of you who just tuned in (or who tuned out early), the Clipper
Chip...now called Skipjack owing to a trademark conflict...is a hardware
encryption device that NSA designed under Reagan-Bush. In April it was
unveiled by the Clinton Administration and proposed for both governmental
and public use. Installed in phones or other telecommunications tools, it
would turn any conversation into gibberish for all but the speaker and his
intended listener, using a secret military algorithm.

Clipper/Skipjack is unique, and controversial, in that it also allows the
agents of government to listen under certain circumstances. Each chip
contains a key that is split into two parts immediately following
manufacture. Each half is then placed in the custody of some trusted
institution or "escrow agent."

If, at some subsequent time, some government agency desires to legally
listen in on the owner of the communications device in which the chip has
been placed, it would present evidence of "lawful authority" to the escrow
holders. They will reveal the key pairs, the agency will join them, and
begin listening to the subject's unencrypted conversations.

(Apparently there are other agencies besides law enforcement who can
legally listen to electronic communications.  The government has evaded
questions about exactly who will have access to these keys, or for that
matter, what, besides an judicial warrant, constitutes the "lawful
authority" to which they continually refer.)

Clipper/Skipjack was not well received. The blizzard of anguished ASCII it
summoned forth on the Net has been so endlessly voluble and so painstaking
in its "How-many-Cray-Years-can-dance-on-the-head-of-a-Clipper-Chip"
technical detail that I would guess all but the real cypherpunks are by now
data-shocked into listlessness and confusion.

Indeed, I suspect that even many readers of this publication...a group with
prodigious capacity for assimilating the arid and obscure...are starting to
long for the days when their knowledge of cryptography and the public
policies surrounding it was limited enough to be coherent.

So I almost hesitate to bring the subject up. Yet somewhere amid this
racket, decisions are being made that will profoundly affect your future
ability to communicate without fear. Those who would sacrifice your liberty
for their illusions of public safety are being afforded some refuge by the
very din of opposition.

In the hope of restoring both light and heat to the debate, I'm going to
summarize previous episodes, state a few conclusions I've drawn about the
current techno-political terrain, and recommend positions you might
consider taking, as well as actions that might support them.


Clipper/Skipjack Really Is A Dumb Idea.

When I first heard about Clipper/Skipjack, I thought it might not be such a
bad idea. This false conclusion was partly due to the reality distorting
character of the location...I was about fifty feet away from the Oval
Office at the time...but it also seemed like one plausible approach to what
may be the bright future of crime in the Virtual Age.

I mean, I can see what the Guardian Class is worried about. The greater
part of business is already being transacted in Cyberspace. Most of the
money is there. At the moment, however, most of the monetary bits in there
are being accounted for. Accounting is digital,but cash is not.

It is imaginable that, with the widespread use of digital cash and
encrypted monetary exchange on the Global Net, economies the size of
America's could appear as nothing but oceans of alphabet soup. Money
laundering would no longer be necessary. The payment of taxes might become
more or less voluntary. A lot of weird things would happen after that...

I'm pretty comfortable with chaos, but this is not a future I greet without
reservation.

So, while I'm not entirely persuaded that we need to give up our future
privacy to protect ourselves from drug dealers, terrorists, child
molesters, and un-named military opponents (the Four Horsemen of Fear
customarily invoked by our protectors), I can imagine bogeymen whose
traffic I'd want visible to authority.

Trouble is, the more one learns about Clipper/Skipjack, the less persuaded
he is that it would do much to bring many actual Bad Guys under scrutiny.

As proposed, it would be a voluntary standard, spread mainly by the market
forces that would arise after the government bought a few tons of these
chips for their own "sensitive but unclassified" communications systems. No
one would be driven to use it by anything but convenience. In fact, no one
with any brains would use it if he were trying to get away with anything.

In fact, the man who claims to have designed Clipper's basic specs, Acting
NIST Director Ray Kammer, recently said,  "It's obvious that anyone who
uses Clipper for the conduct of organized crime is dumb." No kidding. At
least so long as it's voluntary.

Under sober review, there mounted an incredibly long list of reasons to
think Clipper/Skipjack might not be a fully-baked idea. In May, after a
month of study, the Digital Privacy and Security Working Group, a coalition
of some 40 companies and organizations chaired by the Electronic Frontier
Foundation (EFF), sent the White House 118 extremely tough questions
regarding Clipper, any five of which should have been sufficient to put the
kibosh on it.

The members of this group were not a bunch of hysterics. It includes DEC,
Hewlett-Packard, IBM, Sun, MCI, Microsoft, Apple, and AT&T (which was also,
interestingly enough, the first company to commit to putting
Clipper/Skipjack in its own products).

Among the more troubling of their questions:

*	Who would the escrow agents be?

*	 What are Clipper's likely economic impacts, especially in regard to
export of American digital products?

*	Why is its encryption algorithm secret and why should the public have
confidence in a government-derived algorithm that can't be privately
tested?

*	Why is Clipper/Skipjack being ram-rodded into adoption as a government
standard before completion of an over-all review of U.S. policies on
cryptography?

*	Why are the NSA, FBI, and NIST stone-walling Freedom of Information
inquiries about Clipper/Skipjack? (In fact, NSA's response has been,
essentially, "So? Sue us.")

*	Assuming Clipper/Skipjack becomes a standard, what happens if the escrow
depositories are compromised?

*	Wouldn't these depositories also become targets of opportunity for any
criminal or terrorist organization that wanted to disrupt US. law
enforcement?

*	Since the chip transmits its serial number at the beginning of each
connection, why wouldn't it render its owner's activities highly visible
through traffic analysis (for which government needs no warrant)?

*	Why would a foreign customer buy a device that exposed his conversations
to examination by the government of the United States?

*	Does the deployment and use of the chip possibly violate the 1st, 4th,
and 5th Amendments to the U.S. Constitution?

*	In its discussions of Clipper/Skipjack, the government often uses the
phrase "lawfully authorized electronic surveillance." What, exactly, do
they mean by this?

*	Is it appropriate to insert classified technology into either the public
communications network or into the general suite of public technology
standards?

And so on and so forth. As I say, it was a very long list.  On July 29,
John D. Podesta, Assistant to the President and White House Staff Secretary
(and, interestingly enough, a former legal consultant to EFF and Co-Chair
of the Digital Privacy Working Group), responded to these questions. He
actually answered few of them.

Still un-named, undescribed, and increasingly unimaginable were the escrow
agents. Questions about the inviolability of the depositories were met with
something like, "Don't worry, they'll be secure. Trust us."

There seemed a lot of that in Podesta's responses. While the government had
convened a panel of learned cryptologists to examine the classified
Skipjack algorithm, it had failed to inspire much confidence among the
crypto establishment, most of whom were still disinclined to trust anything
they couldn't whack at themselves. At the least, most people felt a proper
examination would take longer than the month or so the panel got. After
all, it took fifteen years to find a hairline fissure in DES .

But neither Podesta nor any other official explained why it had seemed
necessary to use a classified military algorithm for civilian purposes. Nor
were the potential economic impacts addressed. Nor were the concerns about
traffic analysis laid to rest.

But as Thomas Pynchon once wrote, "If they can get you asking the wrong
questions, they don't have to worry about the answers." Neither asked nor
answered in all of this was the one question that kept coming back to me:
Was this trip really necessary?

For all the debate over the details, few on either side seemed to be
approaching the matter from first principles. Were the enshrined
threats...drug dealers, terrorists, child molesters, and foreign
enemies...sufficiently and presently imperiling to justify fundamentally
compromising all future transmitted privacy?

I mean...speaking personally now...it seems to me that America's greatest
health risks derive from the drugs that are legal, a position the
statistics overwhelmingly support. And then there's terrorism, to which we
lost a total of two Americans in 1992, even with the World Trade Center
bombing, only 6 in 1993. I honestly can't imagine an organized ring of
child molesters, but I suppose one or two might be out there. And the last
time we got into a shooting match with another nation, we beat them by a
kill ratio of about 2300 to 1.

Even if these are real threats, was enhanced wire-tap the best way to
combat them? Apparently, it hasn't been in the past. Over the last ten
years the average total  nation-wide number of admissible state and federal
wire-taps has numbered less than 800. Wire-tap is not at present a major
enforcement tool, and is far less efficient than the informants, witnesses,
physical evidence, and good old fashioned detective work they usually rely
on.

(It's worth noting that the World Trade Center bombing case unraveled, not
through wire-taps, but with the discovery of the axle serial number on the
van which held the explosives.)

Despite all these questions, both unasked and unanswered, Clipper continues
(at the time of this writing) to sail briskly toward standardhood, the full
wind of government bearing her along.

On July 30, NIST issued a request for public comments on its proposal to
establish Clipper/Skipjack as a Federal Information Processing Standard
(FIPS).  All comments are due by September 28, and the government seems
unwilling to delay the process despite the lack of an overall guiding
policy on crypto. Worse, they are putting a hard sell on Clipper/Skipjack
without a clue as to who might be escrow holders upon whose political
acceptability the entire scheme hinges.

Nor have they addressed the central question: why would a criminal use a
key escrow device unless he were either very stupid...in which case he'd be
easily caught anyway...or simply had no choice.

All this leads me to an uncharacteristically paranoid conclusion:


The Government May Mandate Key Escrow Encryption and Outlaw Other Forms.

It is increasingly hard for me to imagine any other purpose for the
Clipper/Skipjack operetta if not to prepare the way for the restriction of
all private cryptographic uses to a key escrow system. If I were going to
move the American people into a condition where they might accept
restrictions on their encryption, I would first engineer the wide-spread
deployment of a key escrow system on a voluntary basis, wait for some blind
sheik to slip a bomb plot around it and then say, "Sorry, folks this ain't
enough, it's got to be universal."

Otherwise, why bother? Even its most ardent proponents admit that no
intelligent criminal would trust his communications to a key escrow device.
On the other hand, if nearly all encrypted traffic were Skipjack-flavored,
any transmission encoded by some other algorithm would stick out like a
licorice Dot.

In fact, the assumption that Cyberspace will roar one day with Skipjack
babble lies behind the stated reason for the secrecy for the algorithm. In
their Interim Report, the Skipjack review panel puts it this way:

Disclosure of the algorithm would permit the construction of devices that
fail to properly implement the LEAF [or Law Enforcement Access Field],
while still interoperating with legitimate SKIPJACK devices.  Such devices
would provide high quality cryptographic security without preserving the
law enforcement access capability that distinguishes this cryptographic
initiative.

In other words, they don't want devices or software out there that might
use the Skipjack algorithm without depositing a key with the escrow
holders. (By the way, this claim is open to question. Publishing Skipjack
would not necessarily endow anyone with the ability to build an
interoperable chip.)

Then there was the conversation I had with a highly-placed official of the
National Security Council in which he mused that the French had, after all,
outlawed the private use of cryptography, so it weren't as though it
couldn't be done. (He didn't suggest that we should also emulate France's
policy of conducting espionage on other countries' industries, though
wide-spread international use of Clipper/Skipjack would certainly enhance
our ability to do so.)

Be that as it may, France doesn't have a Bill of Rights to violate, which
it seems to me that restriction of cryptography in America would do on
several counts.

Mandated encryption standards would fly against the First Amendment, which
surely protects the manner of our speech as clearly as it protects the
content. Whole languages (most of them patois) have arisen on this planet
for the purpose of making the speaker unintelligible to authority. I know
of no instance where, even in the oppressive colonies where such languages
were formed, that the slave-owners banned their use.

Furthermore, the encryption software itself is written expression, upon
which no ban may be constitutionally imposed. (What, you might ask then,
about the constitutionality of restrictions on algorithm export. I'd say
they're being allowed only because no one ever got around to testing from
that angle.)

The First Amendment also protects freedom of association. On several
different occasions, most notably NAACP v. Alabama ex rel. Patterson and
Talley vs. California, the courts have ruled that requiring the disclosure
of either an organization's membership or the identity of an individual
could lead to reprisals, thereby suppressing both association and speech.
Certainly in a place like Cyberspace where everyone is so generally
"visible," no truly private "assembly" can take place without some
technical means of hiding the participants.

It also looks to me as if the forced imposition of a key escrow system
might violate the Fourth and Fifth Amendments.

The Fourth Amendment prohibits secret searches. Even with a warrant, agents
of the government must announce themselves before entering and may not
seize property without informing the owner. Wire-taps inhabit a gray-ish
area of the law in that they permit the secret "seizure" of an actual
conversation by those actively eavesdropping on it. The law does not permit
the subsequent secret seizure of a record of that conversation. Given the
nature of electronic communications, an encryption key opens not only the
phone line but the filing cabinet.

Finally, the Fifth Amendment protects individuals from being forced to
reveal self-incriminating evidence. While no court has ever ruled on the
matter vis a vis encryption keys, there seems something involuntarily
self-incriminating about being forced to give up your secrets in advance.
Which is, essentially, what mandatory key escrow would require you to do.

For all these protections, I keep thinking it would be nice to have a
constitution like the one just adopted by our largest possible enemy,
Russia. As I understand it, this document explicitly forbids governmental
restrictions on the use of cryptography.

For the moment, we have to take our comfort in the fact that our
government...or at least the parts of it that state their
intentions...avows both publicly and privately that it has no intention to
impose key escrow cryptography as a mandatory standard. It would be, to use
Podesta's mild word, "imprudent."

But it's not Podesta or anyone else in the current White House who worries
me. Despite their claims to the contrary, I'm not convinced they like
Clipper any better than I do. In fact, one of them...not Podesta...called
Clipper "our Bay of Pigs," referring to the ill-fated Cuban invasion cooked
up by the CIA under Eisenhower and executed (badly) by a reluctant Kennedy
Administration. The comparison may not be invidious.

It's the people I can't see who worry me. These are the people who actually
developed Clipper/Skipjack and its classified algorithm, the people who,
through export controls, have kept American cryptography largely to
themselves, the people who are establishing in secret what the public can
or cannot employ to protect its own secrets. They are invisible and silent
to all the citizens they purportedly serve save those who sit the
Congressional intelligence committees.

In secret, they are making for us what may be the most important choice
that has ever faced American democracy, that is, whether our descendants
will lead their private lives with unprecedented mobility and safety from
coercion, or whether every move they make, geographic, economic, or
amorous, will be visible to anyone who possesses whatever may then
constitute "lawful authority."


Who Are the Lawful Authorities?

Over a year ago, when I first fell down the rabbit hole into Cryptoland, I
wrote a Communications column called Decrypting the Puzzle Palace. In it, I
advanced what I then thought a slightly paranoid thesis, suggesting that
the NSA-guided embargoes on robust encryption software had been driven not
by their stated justification (keeping good cryptography out of the
possession of foreign military adversaries) but rather restricting its use
by domestic civilians.

In the course of writing that piece, I spoke to a number of officials,
including former CIA Director Stansfield Turner and former NSA Director
Bobby Ray Inman, who assured me that using a military organization to shape
domestic policy would be "injudicious" (as Turner put it), but no one could
think of any law or regulation that might specifically prohibit the NSA
from serving the goals of the Department of Justice.

But since then I've learned a lot about the hazy Post-Reagan/Bush lines
between law enforcement and intelligence. They started redrawing the map of
authority early in their administration with Executive Order 12333, issued
on December 4, 1981. (Federal Register #: 46 FR 59941)

This sweeping decree defines the duties and limitations of the various
intelligence organizations of the United States and contains the following
language:

1.4  The Intelligence Community.  The agencies within the Intelligence
Community shall...conduct intelligence activities necessary for the...
protection of the national security of the United States, including:
...
(c) Collection of information concerning, and the conduct of activities to
protect against, intelligence activities directed against the United
States, international terrorist and international narcotics activities, and
other hostile activities directed against the United States by foreign
powers, organizations, persons, and their agents;  (Italics Added)


Further, in Section 2.6, Assistance to Law Enforcement Authorities,
agencies within the Intelligence Community are

authorized to...participate in law enforcement activities to investigate or
prevent clandestine intelligence activities by foreign powers, or
international terrorist or narcotics activities.

In other words, the intelligence community was specifically charged with
investigative responsibility for international criminal activities in the
areas of drugs and terrorism.

Furthermore, within certain fairly loose guidelines, intelligence
organizations are "authorized to collect, retain or disseminate information
concerning United States persons" that may include "incidentally obtained
information that may indicate involvement in activities that may violate
federal, state, local or foreign laws."

Given that the NSA monitors a significant portion of all the electronic
communications between the United States and other countries, the
opportunities for "incidentally obtaining" information that might
incriminate Americans inside America are great.

Furthermore, over the course of the Reagan/Bush administration, the job of
fighting the War on Some Drugs gradually spread to every element of the
Executive Branch.

Even the Department of Energy is now involved. At an Intelligence Community
conference last winter I heard a proud speech from a DOE official in which
he talked about how some of the bomb-designing supercomputers at Los Alamos
had been turned to the peaceful purpose of sifting through huge piles of
openly available data...newspapers, courthouse records, etc....in search of
patterns that would expose drug users and traffickers. They are selling
their results to a variety of "lawful authorities," ranging from the
Southern Command of the U.S. Army to the Panamanian Defense Forces to
various County Sheriff's Departments.

"Fine," you might say, "Drug use is a epidemic that merits any cure." But I
would be surprised if there's anyone who will read this sentence who has
broken no laws whatever. And it's anybody's guess what evidence of other
unlawful activities might be "incidentally obtained" by such a wide net as
DOE is flinging.

The central focus that drugs and terrorism have assumed within the
intelligence agencies was underscored for me by a recent tour of the
central operations room at the CIA. There, in the nerve center of American
intelligence, were desks for Asia, Europe, North America, Africa and
"Middle East/Terrorism," and "South America/Narcotics." These bogeymen are
now the size of continents on the governmental map of peril.

Given this perception of its duties, the NSA's strict opposition to the
export of strong cryptographic engines, hard or soft,  starts to make more
sense. They are not, as I'd feared, so clue-impaired as to think their
embargoes are denying any other nation access to good cryptography.
(According to an internal Department of Defense analysis of crypto policy,
it recently took 3 minutes and 14 seconds to locate a source code version
of DES on the Internet.)

Nor do they really believe these policies are enhancing national security
in the traditional, military sense of the word, where the U.S. is, in any
case, already absurdly over-matched to any national adversary, as was
proven during the Gulf War.

It's the enemies they can't bomb who have them worried, and they are
certainly correct in thinking that the communications of drug traffickers
and whatever few terrorists as may actually exist are more open to their
perusal than would be the case in a world where even your grandmother's
phone conversations were encrypted.

And Clipper or no Clipper, such a world would be closer at hand if
manufacturers hadn't known than any device that embodies good encryption
would not be fit for export.

But with Clipper/Skipjack, there is a lot that the combined forces of
government will be able to do to monitor all aspects of your behavior
without getting a warrant. Betweenthe monitoring capacities of the NSA,
the great data-sieves of the Department of Energy, and the fact that, in
use, each chip would continually broadcast the whereabouts of its owner,
the government would soon be able to isolate just about every perpetrator
among us.

I assume you're neither a drug-user nor a terrorist, but are you ready for
this? Is your nose that clean? Can it be prudent to give the government
this kind of corrupting power?

I don't think so, but this is what will happen if we continue to allow the
secret elements of government to shape domestic policy as though the only
American goals that mattered were stopping terrorism (which seems pretty
well stopped already) and winning the War on Some Drugs (which no amount of
force will ever completely win).

Unfortunately, we are not able to discuss priorities with the people who
are setting them, nor do they seem particularly amenable to any form of
authority. In a recent discussion with a White House official, I asked for
his help in getting the NSA to come out of its bunker and engage in direct
and open discussions about crypto embargoes, key escrow, the Skipjack
algorithm, and the other matters of public interest.

"I'll see what we can do," he said.

"But you guys are the government," I protested. "Surely they'll do as you
tell them."

"I'll see what we can do," he repeated, offering little optimism.

That was months ago. In the meantime, the NSA has not only remained utterly
unforthcoming in public discussions of crypto policy, they have unlawfully
refused to comply with any Freedom of Information Act requests for
documents in this area.

It is time for the public to reassert control over their own government. It
is time to demand that public policy be made in public by officials with
names, faces, and personal accountability.

When and if we are able to actually discuss crypto policy with the people
who are setting it, I have a list of objectives that I hope many of you
will share. There are as follows:


A Policy on Cryptography

1. 	There should no law restricting any use of cryptography by private citizens.

2.	There should be no restriction on the export of cryptographic algorithms
or any other instruments of cryptography.

3.	Secret agencies should not be allowed to drive public policies.

4.	The taxpayer's investment in encryption technology and related
mathematical research should be made available for public and scientific
use.    	
5.	The government should encourage the deployment of wide-spread encryption.

6.	While key escrow systems may have purposes, none should be implemented
that places the keys in the hands of government.

7.	Any encryption standard to be implemented by the government should
developed in an open and public fashion and should not employ a secret
algorithm.

And last, or perhaps, first...

8.	There should be no broadening of governmental access to private
communications and records unless there is a public consensus that the
risks to safety outweigh the risks to liberty and will be effectively
addressed by these means.

If you support these principles, or even if you don't, I hope you will
participate in making this a public process. And there are a number of
actions you can take in that regard.

The National Institute of Standards and Technology (NIST) has issued a
request for public comments on its proposal to establish the "Skipjack"
key-escrow system as a Federal Information Processing Standard.  You've got
until September 28 to tell them what you think of that. Comments on the
NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

If you belong to or work for an organization, you can encourage that
organization to join the Digital Privacy Working Group. To do so they
should contact EFF's Washington office at:

Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC    20001
202/347-5400
Fax 202/393-5509
eff@eff.org

I also encourage individuals interested in these issues to either join EFF,
Computer Professionals for Social Responsibility, or one of the related
local organizations which have sprung up around the country. For the
addresses of a group in your area, contact EFF.


New York City, New York
Monday, September 6, 1993