Key Escrow, Key Recovery, Trusted Third Parties & Govt. Access to Keys
Files in this Archive
- John Perry Barlow's July 1992 article
"Decrypting the Puzzle Palace," describing how the NSA seeks to
dominate cyberspace. A wealth of early background material on FBI
and NSA surveillance, political moves to oppose general public
possession and use of strong encryption, and erection of export
controls against encryption.
- Statement on cryptographic technology and
the Internet, from Internet Architecture Board and Internet Engineering
Steering Group of the Internet Society (ISOC). Excerpt: "The IAB and
IESG are...disturbed to note that various governments have actual or
proposed policies on access to cryptographic technology that either:
(a) impose restrictions by implementing export controls; and/or
(b) restrict commercial and private users to weak and inadequate
mechanisms such as short cryptographic keys; and/or
(c) mandate that private decryption keys should be in the hands of
the government or of some other third party; and/or
(d) prohibit the use of cryptology entirely, or permit it only
to specially authorized organizations."
- "The Computer Revolution, Encryption & True
Threats to National Security"; report condemning Clinton Adminstration
encryption export policy and key "escrow" plans, by G.A. Keyworth II
and David E. Colton, for the Progress and Freedom Foundation. HTML
version available at http://www.pff.org/pff/encry.html at the PFF site.
Co-author Keyworth was US President Ronald Reagan's scient advisor.
- May 1996 (pre-publication draft)
report by the National Research Council. Report strongly criticizes the
Clinton Administration's encryption policies, and calls for relaxation of
export restrictions. Unfortunately, report also calls for key "escrow",
and buys into the government's wacky idea of a federally-controlled "Key
Infrastructure", among other flaws. NOTE: This file is over 1 megabyte.
See 9605_nrc_cryptopolicy_draft.report.gz for a gzip-compressed version.
- gzip-compressed version of above
NRC report (about 450K).
- Brief debate on two alternative key "escrow" ideas:
proposal by Dave Staelin for a system in which users choose any crypto
but are required to retain copies of all keys used, said keys being
obtainable by subpoena or warrant; modified proposal by Ron Rivest, in
which copies of keys are held by a "trusted" third party who can be
subpoenaed or searched by court order, keeping the escrow "feature" but
removing the storage burden on the user. These proposals are followed by
technical and (brief) legal critique by Matt Blaze, who points out
fundamental problems in both systems, and finds them infeasible.
- 1994 statement by NIST regarding key escrow and
how it is intended to be "voluntary". NIST maintains the same thing in
1995, even though FOIA-obtained documents *prove* this is a lie! (see
- "Law Enforcement and The
Architecture of Cyberspace -- Should the Cops on the Beat Design the
Electronic Street?", article by David Johnson. Excerpt: "The
Administration has made its position clear: it will seek to
encourage the use of the "Clipper Chip" and push for legislation that
will require electronic communications systems to be designed to
facilitate wiretapping and surveillance in real time...So we have a set
of proposals that, in somewhat breath-taking fashion, claim for the
cops not only the right to walk the beat but a privilege to say just
how the street will be designed...But no such origin accounts for
our best public spaces and I can tell you...that putting wiretapping
at the top of the design priority list is a really dumb idea..."
- December 1993 Department of Energy report
analyzing trends in encryption technology, market export controls, and
legislation which influence cryptography policy.
- Paper by Dr. Dorothy Denning
that paints a picture of imminent "crypto-anarchy" disrupting society if
all citizens are not required to turn over encryption keys to government
(via governmental or corporate key "escrow" agencies.) Includes a
critique that illuminates many of the logic flaws and fallcies
necessary to support GAK (government access to keys) plans like those
advocated by Denning and the NSA. All in all, a very strange rant.
- EPIC mini-alert, reporting that FBI
director Louis Freeh has already, as of Oct. 95, begun to attack
cryptography as a hindrance to law enforcement with "evidence" that FBI
efforts were hindered by encrypted files in a recent child porn
- "The Government Doesn't Want Key Escrow", Carl
Ellison. Demonostrates that what the govt. really wants is access to
citizen encryption keys, and that "escrow" is only one way to go about
- Letter from Rep. Goodlatte (and over 20 other
Representatives) to Clinton Administration urging relaxation of crypto
export controls and abandonment of Clipper III "key escrow" proposals.
Also includes Goodlatte press release regarding the letter.
- Brief EFF statement on the House
letter to Clinton demanding abandonment of "key escrow" and urging
relaxation of export controls. (Also includes a copy of the letter).
- 1993 WIRED article "Crypto Rebels" describing the
battle between the FBIs, NSAs, and Equifaxes of the world and a
swelling movement of Cypherpunks, civil libertarians, and millionaire
hackers. At stake: Whether privacy will exist in the 21st century.
Discusses key escrow, crypto export and digital wiretapping.
- "Plague of Freedom: The Internet's Being
Disinfected for Your Protection"; article by Declan McCullagh on G7
resolutions to restrict the Internet, and US Atty. Gen. Reno's
announcement of G7 support for encryption key "escrow". (July 31, 1996)
- EFF press release regarding S. 6027, the
"Encryption Promotes the Rights of Individuals in the Virtual Arena
Using Computers" (E-PRIVACY) bill introduced in May 1998 by Senators
Ashcroft and Leahy.
- sponsors' introduction to and summary
of S. 6027, the "Encryption Promotes the Rights of Individuals in the
Virtual Arena Using Computers" (E-PRIVACY) bill introduced in May 1998
by Senators Ashcroft and Leahy.
- full text of S. 6027, the "Encryption
Promotes the Rights of Individuals in the Virtual Arena Using
Computers" (E-PRIVACY) bill introduced in May 1998 by Senators Ashcroft
and Leahy. (This is a draft version that may differ slightly from the
official version as introduced, which is not yet available online for
- Mar. 1998 statement of EFF and other
pro-privacy groups, in qualified support of the formation of the
Americans for Computer Privacy, a trade group representing a host
of high-tech companies formed to lobby Congress and educate the public
about encryption policy issues. (ASCII text version)
- EFF analysis of the
pros and cons of S. 6027, the "Encryption Promotes the Rights of
Individuals in the Virtual Arena Using Computers" (E-PRIVACY) bill
introduced in May 1998 by Senators Ashcroft and Leahy. The bill
takes the right tack in putting new restraints on government privacy
invasion, but also creates a new and unreasonable crypto-related crime,
and fails to sufficiently deregulate encryption export and publication.
(Revised May 21, 1998; original released May 19, 1998.)
- Mar. 1998 statement of EFF
and other pro-privacy groups, in qualified support of the formation of
the Americans for Computer Privacy, a trade group representing a host
of high-tech companies formed to lobby Congress and educate the public
about encryption policy issues. (HTML version)
Subdirectories in This Archive
- directory of info on key recovery/escrow legislation & policy,
- Directory of information on the original Clipper scheme.
- directory of info on "Clipper II", the Clinton
Administration's so-called key "escrow" scheme as pushed in 1995.
- Link to directory of documents on the 1996 IWGCP
draft key "escrow" scheme, referred to commonly as "Clipper III" or
"Clipper 3"), and revised 1996-7 US crypto export policy in which medium
strength crypto can be exported but only if key "escrowed" withing 2
years (commonly called "Clipper 3.11").
- directory of info on key "escrow" and "trusted third party"
schemes in Europe, labelled "Euro-Clipper" by many.
- directory containing info on key escrow issues at the
local/state level and in other countries than the US.
Related On-Site Resources
1997 ECPA SAFE ProCODEbills
directory of info on encryption legislation
- introduced in 1996 and 1997, including the Encrypted
Communications Privacy Act (EPCA2), Promotion of Commerce Online with
Digital Encryption Act (ProCODE), and Security and Freedom through
Encryuption Act (SAFE). All of these bills were introduced to ease
export restriction on encryption software. However, as of Sept. 1997,
all were derailed, either being killed outright, or replaced with their
Orwellian opposites designed to increase export controls, introduce
import controls, and force mandatory key surrender.
- link to directory on Clipper, the
first US government key "escrow" scheme, and related plans, including
Capstone and Tessera, higher-speed versions of Clipper (All are based
on the classified Skipjack algorithm, NIST's Escrowed Encryption
Standard). Most of the action on this issue was 1993-4, with focus
shifting to "Clipper II" and "Clipper III" in subsequent years.
Crypto Export Regulations
Link to directory
- of info on US ITAR export regulations
against encryption, and efforts to oppose them.
Links to Related Off-Site Resources
The Congressional Internet Caucus
- A new group of US legislators trying to protect the Internet
documents reveal that, despite promises of "voluntary" key
- FBI and NSA both believe that Clipper-like systems "will only
work" if made mandatory (docs available via EPIC web site)
- CDT Crypto Issues
- Electronic Privacy Info.
Center's Encryption Policy pages
- Encryption Policy Resource
- Internet Privacy