Key Escrow, Key Recovery, Trusted Third Parties & Govt. Access to Keys

Files in this Archive

decrypting_puzzle_palace.article
John Perry Barlow's July 1992 article "Decrypting the Puzzle Palace," describing how the NSA seeks to dominate cyberspace. A wealth of early background material on FBI and NSA surveillance, political moves to oppose general public possession and use of strong encryption, and erection of export controls against encryption.
960724_isoc_crypto.statement
Statement on cryptographic technology and the Internet, from Internet Architecture Board and Internet Engineering Steering Group of the Internet Society (ISOC). Excerpt: "The IAB and IESG are...disturbed to note that various governments have actual or proposed policies on access to cryptographic technology that either: (a) impose restrictions by implementing export controls; and/or (b) restrict commercial and private users to weak and inadequate mechanisms such as short cryptographic keys; and/or (c) mandate that private decryption keys should be in the hands of the government or of some other third party; and/or (d) prohibit the use of cryptology entirely, or permit it only to specially authorized organizations."
9606_pff_crypto.report
"The Computer Revolution, Encryption & True Threats to National Security"; report condemning Clinton Adminstration encryption export policy and key "escrow" plans, by G.A. Keyworth II and David E. Colton, for the Progress and Freedom Foundation. HTML version available at http://www.pff.org/pff/encry.html at the PFF site. Co-author Keyworth was US President Ronald Reagan's scient advisor.
9605_nrc_cryptopolicy_draft.report
May 1996 (pre-publication draft) report by the National Research Council. Report strongly criticizes the Clinton Administration's encryption policies, and calls for relaxation of export restrictions. Unfortunately, report also calls for key "escrow", and buys into the government's wacky idea of a federally-controlled "Key Infrastructure", among other flaws. NOTE: This file is over 1 megabyte. See 9605_nrc_cryptopolicy_draft.report.gz for a gzip-compressed version.
9605_nrc_cryptopolicy_draft.report.gz
gzip-compressed version of above NRC report (about 450K).
alt_escrow_idea.debate
Brief debate on two alternative key "escrow" ideas: proposal by Dave Staelin for a system in which users choose any crypto but are required to retain copies of all keys used, said keys being obtainable by subpoena or warrant; modified proposal by Ron Rivest, in which copies of keys are held by a "trusted" third party who can be subpoenaed or searched by court order, keeping the escrow "feature" but removing the storage burden on the user. These proposals are followed by technical and (brief) legal critique by Matt Blaze, who points out fundamental problems in both systems, and finds them infeasible.
clipper_nist.defense
1994 statement by NIST regarding key escrow and how it is intended to be "voluntary". NIST maintains the same thing in 1995, even though FOIA-obtained documents *prove* this is a lie! (see /pub/Privacy/Clipper/Clipper_FOIA/
cops_net_architecture_johnson.article
"Law Enforcement and The Architecture of Cyberspace -- Should the Cops on the Beat Design the Electronic Street?", article by David Johnson. Excerpt: "The Administration has made its position clear: it will seek to encourage the use of the "Clipper Chip" and push for legislation that will require electronic communications systems to be designed to facilitate wiretapping and surveillance in real time...So we have a set of proposals that, in somewhat breath-taking fashion, claim for the cops not only the right to walk the beat but a privilege to say just how the street will be designed...But no such origin accounts for our best public spaces and I can tell you...that putting wiretapping at the top of the design priority list is a really dumb idea..."
crypto-policy_doe_94.report
December 1993 Department of Energy report analyzing trends in encryption technology, market export controls, and legislation which influence cryptography policy.
denning_0296_cryptoanarchy.article
Paper by Dr. Dorothy Denning that paints a picture of imminent "crypto-anarchy" disrupting society if all citizens are not required to turn over encryption keys to government (via governmental or corporate key "escrow" agencies.) Includes a critique that illuminates many of the logic flaws and fallcies necessary to support GAK (government access to keys) plans like those advocated by Denning and the NSA. All in all, a very strange rant.
epic_fbi_crypto_childporn.alert
EPIC mini-alert, reporting that FBI director Louis Freeh has already, as of Oct. 95, begun to attack cryptography as a hindrance to law enforcement with "evidence" that FBI efforts were hindered by encrypted files in a recent child porn investigation.
ellison_key_escrow.paper
"The Government Doesn't Want Key Escrow", Carl Ellison. Demonostrates that what the govt. really wants is access to citizen encryption keys, and that "escrow" is only one way to go about this.
hr_crypto_960515.letter
Letter from Rep. Goodlatte (and over 20 other Representatives) to Clinton Administration urging relaxation of crypto export controls and abandonment of Clipper III "key escrow" proposals. Also includes Goodlatte press release regarding the letter.
hr_crypto_960515_letter_eff.statement
Brief EFF statement on the House letter to Clinton demanding abandonment of "key escrow" and urging relaxation of export controls. (Also includes a copy of the letter).
crypto_rebels.article
1993 WIRED article "Crypto Rebels" describing the battle between the FBIs, NSAs, and Equifaxes of the world and a swelling movement of Cypherpunks, civil libertarians, and millionaire hackers. At stake: Whether privacy will exist in the 21st century. Discusses key escrow, crypto export and digital wiretapping.
G7
980731_g7_mccullagh.article
"Plague of Freedom: The Internet's Being Disinfected for Your Protection"; article by Declan McCullagh on G7 resolutions to restrict the Internet, and US Atty. Gen. Reno's announcement of G7 support for encryption key "escrow". (July 31, 1996)
1998
19980512_e-privacy_eff.pressrel
EFF press release regarding S. 6027, the "Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers" (E-PRIVACY) bill introduced in May 1998 by Senators Ashcroft and Leahy.
19980512_e-privacy_bill.summary
sponsors' introduction to and summary of S. 6027, the "Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers" (E-PRIVACY) bill introduced in May 1998 by Senators Ashcroft and Leahy.
1998_s6027_e-privacy_bill.draft
full text of S. 6027, the "Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers" (E-PRIVACY) bill introduced in May 1998 by Senators Ashcroft and Leahy. (This is a draft version that may differ slightly from the official version as introduced, which is not yet available online for some reason.)
19980304_eff-aclu-epic.statement
Mar. 1998 statement of EFF and other pro-privacy groups, in qualified support of the formation of the Americans for Computer Privacy, a trade group representing a host of high-tech companies formed to lobby Congress and educate the public about encryption policy issues. (ASCII text version)
19980521_e-privacy_eff_analysis.html
EFF analysis of the pros and cons of S. 6027, the "Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers" (E-PRIVACY) bill introduced in May 1998 by Senators Ashcroft and Leahy. The bill takes the right tack in putting new restraints on government privacy invasion, but also creates a new and unreasonable crypto-related crime, and fails to sufficiently deregulate encryption export and publication. (Revised May 21, 1998; original released May 19, 1998.)
19980304_eff-aclu-epic_statement.html
Mar. 1998 statement of EFF and other pro-privacy groups, in qualified support of the formation of the Americans for Computer Privacy, a trade group representing a host of high-tech companies formed to lobby Congress and educate the public about encryption policy issues. (HTML version)

Subdirectories in This Archive

1999/
directory of info on key recovery/escrow legislation & policy, in 1999
Clipper/
Directory of information on the original Clipper scheme.
Clipper_II/
directory of info on "Clipper II", the Clinton Administration's so-called key "escrow" scheme as pushed in 1995.
Clipper_III/
Link to directory of documents on the 1996 IWGCP draft key "escrow" scheme, referred to commonly as "Clipper III" or "Clipper 3"), and revised 1996-7 US crypto export policy in which medium strength crypto can be exported but only if key "escrowed" withing 2 years (commonly called "Clipper 3.11").
Euro-Clipper/
directory of info on key "escrow" and "trusted third party" schemes in Europe, labelled "Euro-Clipper" by many.
Foreign_and_local/
directory containing info on key escrow issues at the local/state level and in other countries than the US.

Related On-Site Resources

1997 ECPA SAFE ProCODEbills directory of info on encryption legislation
introduced in 1996 and 1997, including the Encrypted Communications Privacy Act (EPCA2), Promotion of Commerce Online with Digital Encryption Act (ProCODE), and Security and Freedom through Encryuption Act (SAFE). All of these bills were introduced to ease export restriction on encryption software. However, as of Sept. 1997, all were derailed, either being killed outright, or replaced with their Orwellian opposites designed to increase export controls, introduce import controls, and force mandatory key surrender.
Clipper/Capstone/EES/Tessera/Skipjack
link to directory on Clipper, the first US government key "escrow" scheme, and related plans, including Capstone and Tessera, higher-speed versions of Clipper (All are based on the classified Skipjack algorithm, NIST's Escrowed Encryption Standard). Most of the action on this issue was 1993-4, with focus shifting to "Clipper II" and "Clipper III" in subsequent years.
Crypto Export Regulations Link to directory
of info on US ITAR export regulations against encryption, and efforts to oppose them.

Links to Related Off-Site Resources

The Congressional Internet Caucus
A new group of US legislators trying to protect the Internet
Declassified documents reveal that, despite promises of "voluntary" key escrow,
FBI and NSA both believe that Clipper-like systems "will only work" if made mandatory (docs available via EPIC web site)
CDT Crypto Issues Page
Electronic Privacy Info. Center's Encryption Policy pages
Encryption Policy Resource Pages
Internet Privacy Coalition