From: Phil Karn <karn@unix.ka9q.ampr.org>
To: cypherpunks@toad.com
Message Hash: e79a3183e59579d5e123992c62334507c9aacc25f6b0eeb7eb76a68528eecf3d
Message ID: <9309280902.AA09142@unix.ka9q.ampr.org>
Reply To: N/A
UTC Datetime: 1993-09-28 09:01:25 UTC
Raw Date: Tue, 28 Sep 93 02:01:25 PDT
From: Phil Karn <karn@unix.ka9q.ampr.org>
Date: Tue, 28 Sep 93 02:01:25 PDT
To: cypherpunks@toad.com
Subject: My comments to NIST
Message-ID: <9309280902.AA09142@unix.ka9q.ampr.org>
MIME-Version: 1.0
Content-Type: text/plain
7431 Teasdale Avenue
San Diego, CA 92122
karn@unix.ka9q.ampr.org
September 27, 1993
Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899
Re: A Proposed Federal Information Processing Standard for an Escrowed
Encryption Standard (EES)
Docket No 930659-3159
RIN 0693-AB19
Comments of Philip R. Karn, Jr
Sirs:
I am writing in response to your call for comments on the
aforementioned matter that appeared in the Federal Register on July
30, 1993. I am writing as a concerned individual with BS and MS
degrees in electrical and computer engineering and 15 years of
professional experience in communications, computer networking and
security at leading edge R&D organizations. I currently work in the
digital cellular telephone industry, a ripe application for robust
encryption if there ever was one. I feel that my experience in this
field qualifies me to comment on the practicality of the proposed
standard.
First of all, I am totally opposed to the entire concept of key
escrow. It is a dangerous, un-American and fatally flawed idea that
should never have been proposed. In my opinion, everyone has the
Constitutional right to use the encryption scheme of their choice,
whether or not the government can break it. The impact of strong
encryption on the enforcement of legitimate laws is and will remain
minimal. Even unbreakable encryption is incapable of thwarting
standard investigational techniques such as informants, testimony
compelled through grants of immunity, "end point" surveillance (e.g.,
hidden microphones), the gathering of physical evidence of crimes and
so forth.
Strong un-escrowed encryption will, on the other hand, finally put an
end to illegal, often politically motivated interceptions of private
electronic communications without having to rely on anyone's goodwill,
such as the still-unnamed "key escrow agencies". Precisely because
eavesdropping has been so easy to do and so hard to detect, the
government has repeatedly proven itself untrustworthy in this regard,
as documented in great detail by the Watergate investigations and the
Church Committee hearings of the 1970s. Why should we trust it now?
Although the government currently claims that the EES will be a
"voluntary" standard, many of its features make no sense whatsoever in
this context. For example, why must the Skipjack algorithm be kept
secret if individuals remain free to use other algorithms such as
triple-key DES or IDEA that are quite probably even stronger?
The government's claim is completely transparent, as one simply cannot
escape the conclusion that the EES is a prelude to a ban on all other
encryption schemes, or at least a ban on those the government can't
crack. And this presents a profoundly disturbing threat to some very
important Constitutional principles.
Countless others have argued forcefully against the proposal on these
and other grounds. For example, see the points made by the Computing
Professionals for Social Responsibility (CPSR) in the attached
Appendix. I fully agree with CPSR and feel that they alone should have
been enough to stop the proposal long ago.
However, the fact that the Escrowed Encryption Standard has advanced
so quickly despite these serious problems reveals the totally
one-sided nature of the decision process. Far from being an
independent and impartial agency, NIST has proven itself to be merely
a pawn for the National Security Agency, the Federal Bureau of
Investigation and other powerful intelligence and law enforcement
agencies. Despite (or perhaps because of) encryption's enormous
potential to put real "teeth" into the Constitutional principles of
privacy and freedom of speech and association, these agencies are
notably unsympathetic to tFrom owner-cypherpunks Tue Sep 28 05:51:28 1993
Received: by toad.com id AA02707; Tue, 28 Sep 93 05:46:19 PDT
Received: by toad.com id AA02651; Tue, 28 Sep 93 05:41:49 PDT
Return-Path: <nowhere@bsu-cs.bsu.edu>
Received: from bsu-cs.bsu.edu ([147.226.112.101]) by toad.com id AA02647; Tue, 28 Sep 93 05:41:46 PDT
Received: by bsu-cs.bsu.edu (5.57/Ultrix3.0-C)
id AA08271; Tue, 28 Sep 93 07:43:59 -0500
Date: Tue, 28 Sep 93 07:43:59 -0500
Message-Id: <9309281243.AA08271@bsu-cs.bsu.edu>
From: Anonymous <nowhere@bsu-cs.bsu.edu>
To: cypherpunks@toad.com
X-Remailed-By: Anonymous <nowhere@bsu-cs.bsu.edu>
X-Ttl: 0
X-Notice: This message was forwarded by a software-
automated anonymous remailing service.
Subject: Disturbing statistics on wiretaps
Organization: Coalition for Cryptographic Freedom
In the paper written by Delaney, Denning and Kaye (Wiretap Laws and
Procedures -- What Happens when the U.S. Government Taps a Line,
September 23, 1993), a few numbers were presented from a 1992 report
which reflect the wiretaps put into place during that year.
Without further details concerning the specifics surrounding some
of these numbers, it should certainly raise eyebrows on a couple
of points:
- All 919 "interceptions" were authorized. The numbers presented in
this report indicate that none were denied.
- Out of this number, 303 were in single family homes, 135 were in
apartments and 289 were categorized as placed in "other" locations.
- Out of 919, 634 were placed into service for interception of
information involving narcotics. The closest contender in this
area involved racketeering, in which 90 was the magic number.
- The number of persons arrested was 2,685. Of that number, only
607 were convicted.
These statistics alone should concern YOU.
Return to September 1993
Return to “Timothy Newsham <newsham@wiliki.eng.hawaii.edu>”