1993-12-30 - Revised Clipper FOIA results from Asst Secretary of Defense

Header Data

From: gnu (John Gilmore)
To: cypherpunks
Message Hash: e22b49f2e1d373341ccb39be7d452dc6eb2de914fa1504f6e86f5837f7809272
Message ID: <9312301021.AA19157@toad.com>
Reply To: N/A
UTC Datetime: 1993-12-30 10:22:59 UTC
Raw Date: Thu, 30 Dec 93 02:22:59 PST

Raw message

From: gnu (John Gilmore)
Date: Thu, 30 Dec 93 02:22:59 PST
To: cypherpunks
Subject: Revised Clipper FOIA results from Asst Secretary of Defense
Message-ID: <9312301021.AA19157@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


We sent in an administrative appeal on June 17th, 1993, of various
things that were withheld in the response to our FOIA request.  The
Office of the Secretary of Defense responded on December 21, 1993 --
six months later.  (By law, agencies have twenty business days to
respond to an administrative appeal.  However, agencies regularly
violate all FOIA time limits because the courts have largely refused to
censure agencies for breaking the law, and have refused to force
agencies to follow the law.  I will point this out each time it happens,
largely to educate you -- the general public -- about how pervasive a
problem this is.)

We did an administrative appeal of the parts they withheld and other
documents they did not provide.  The result is that one more doc came
out (a cover sheet for a review copy of the President's actual
directive, which is still classified and has been referred back to the
National Security Council for processing), and the previously withheld
paragraph of the last two memos below is now only blacked out for a sentence
or two.

The newly released text is highlighted with XXXX's and explanation.

	John Gilmore


	[This page originally XXXXXXXXXXXXXXX TOP SECRET; now UNCLASSIFIED]

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE
WASHINGTON, DC  20301-3040

COMMAND CONTROL COMMUNICATIONS AND 
INTELLIGENCE

MEMORANDUM FOR MS. JOANN H. GRUBE, NSA 
REPRESENTATIVE/NSC PRD-27 EXPORT CONTROL 
WORKING GROUP

SUBJECT:  Comments on PRD-27/NSA Draft (U)

	(U)	Following are comments concerning your proposed 
memorandum to Jim Lewis, Department of State:

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXX blacked out via FOIA (b)(1) exemption. XXXXXXXXXXXXXXXXXXX

	(U)	The assertions in this draft are merely unsupported 
statements.  Recommend that the memorandum provide more 
empirical evidence to back up its assertions, and that the above 
comments be reflected in its contents.

	(signed)
	Daniel J. Ryan
	Director, Information Systems Security

CLASSIFIED BY:  OASD(C3I)/DIR, ISS
DECLASSIFY ON:  OADR


	[This page originally XXXXXXXX SECRET; now UNCLASSIFIED]

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE
WASHINGTON DC 20301-3040

COMMAND, CONTROL, COMMUNICATIONS AND
INTELLIGENCE

30 APR 1993  (stamped)

MEMORANDUM FOR THE ACTING ASSISTANT SECRETARY OF DEFENSE (C3I)

Subject:  PRD/NSC-27 Advanced Telecommunications and Encryption (U)

(U)	Advances in telecommunications have created the
opportunity for public use of encryption to ensure the privacy and
integrity of business and personal communications.  These same
advances threaten the capabilities of law enforcement and national
security operations that intercept the communications of
narcotraffickers, organized criminals, terrorists, espionage agents
of foreign powers and SIGINT targets.  Diverse interests are in
diametric opposition with regard to industry's right to sell and the
public's right to use such capabilities.  A highly-emotional, spirited
public debate is likely.

(U)	In its simplest construct, this complex set of issues places
the public's right to privacy in opposition to the public's desire for
safety.  The law enforcement and national security communities
argue that if the public's right to privacy prevails and free use of
cryptography is allowed, criminals and spies will avoid wiretaps
and other intercepts and consequently prosper.  They propose that
cryptography be made available and required which contains a
"trapdoor" that would allow law enforcement and national security
officials, under proper supervision, to decrypt enciphered
communications.  Such cryptography exists, and while there are
many practical problems to be solved, this proposal is technically
possible to achieve.

(U)	Opponents of the proposal argue that the public has a right
to and an expectation of privacy, that a trapdoor system would be
prone to misuse and abuse, and that the proposed solution would
not work in any practical sense.  They assert that people who are
deliberately breaking much more serious laws would not hesitate to
use cryptography that does not have a trapdoor, and that secure
cryptography will inevitably be supplied by offshore companies.
Thus, freedom will be lost and many tax dollars spent to no effect.

(U)	This situation is complicated by the existence of other
interests.  For example, there currently exist strict controls on the
export of cryptography.  The computer industry points out that it
has one of the few remaining positive trade balances and that it is
vital that the dominance of the American computer industry in
world markets be preserved.  The industry fears that this will be
lost if offshore developers incorporate high-quality cryptography
into their products while U.S. industry either cannot do so or
suffers higher costs or delays due to requirements for export
licenses.  The industry argues persuasively that overseas markets
(much less drug lords or spies) will not look with favor on U.S.
products which have known trapdoors when offshore products
which do not have them are available.  In support of their
argument, they note that powerful public-key cryptography
developed and patented by RSA using U.S. tax dollars is free to
developers in Europe, subject to royalties in the United States, and
cannot be exported without expensive and time-late export
licenses.  These charges are true.

(U)	The national security community is especially interested in
preventing the spread of high-quality encipherment routines
overseas, and argues that more extensive use here at home will
inevitably result in such a proliferation.  Actually, it is too late.
The Data Encryption Standard (DES) is already widely available
throughout the world in both hardware and software forms, and
DES software can be downloaded anywhere in the world from
public bulletin boards by anyone with a PC, a MODEM and a
telephone.  In one recent experiment it took three minutes and
fourteen seconds to locate a source-code version of DES on the
INTERNET.  Widespread availability of DES and RSA will enable
offshore developers to provide high-quality encipherment for voice
and data communications in competition with U.S. industry's
products.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX The entire paragraph that follows was originally withheld as XX
XXXX classified information.  We appealed the withholding, and XXXXX
XXXX most of the paragraph was released, with only one or two XXXXXX
XXXX sentences withheld at the bottom. XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  [(S) crossed out, replaced by] (U)  Trapdoor encryption technology is
not essential to the debate (a system that required the escrow of keys
by users of cryptographic technologies could be established even if
the trapdoor chips did not exist), proposed use of trapdoor technology
does raise a further complication: neither the academic community nor
private industry is comfortable with encryption algorithms that are
kept secret, as will be the case with the trapdoor chip.  It has been
suggested that an independent panel of cryptography experts will be
invited to evaluate the algorithm.  This will undoubtedly fail to
reassure the community at large that there are no unrecognized
vulneratilities, since the panel will be perceived as captive and
tainted.  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX One or two sentences blacked out via FOIA exemption (b)(1) XXXX

(U)	Despite these concerns, the President has directed that the
Attorney General request that manufacturers of communications
hardware use the trapdoor chip, and at least AT&T has been
reported willing to do so (having been suitably incentivised by
promises of Government purchases).  The Attorney General has
also been directed to create a system for escrow of key material.
The Secretary of Commerce has been directed to produce standards
based on the use of the trapdoor chip.

(U)	The President has also directed that the fact that law
enforcement officials will have access to the keys will not be
concealed from the public.  National security officials are not
mentioned.

(U)	The new administration is committed to the development of
an information superhighway and a National Information
Infrastructure in support of the economy.  This worthy goal is
independent of arguments as to whether or not law enforcement
and national security officials will be able to read at will traffic
passing along the information superhighway.  A full-scale public
debate is needed to ascertain the wishes of U.S. citizens with
regard to their privacy, and the impact on public safety of
preserving privacy at the expense of wiretapping and
communications intercept capabilities of law enforcement and
national security personnel.  It is not clear what the public will
decide.  In the meantime, DoD has trapdoor technology and the
Government is proceeding with development of the processes
needed to apply that technology in order to maintain the capability
to perform licit intercept of communications in support of law
enforcement and national security.

	(signed)
	Ray Pollari
	Acting DASD (CI & SCM)


	[This page originally SECRET; now UNCLASSIFIED]

ASSISTANT SECRETARY OF DEFENSE
WASHINGTON DC  20301-3040

May 3, 1993

COMMAND, CONTROL, COMMUNICATIONS AND
INTELLIGENCE

EXECUTIVE SUMMARY

MEMORANDUM FOR DEPUTY SECRETARY OF DEFENSE
FROM:		CHARLES A. HAWKINS, JR., ACTING ASD(C3I)  (initialed C. Hxxx)
SUBJECT:	Advanced Telecommunications and Encryption (U)
PURPOSE:	INFORMATION

DISCUSSION:	(U)  In response to DEPSECDEF's tasking of
21 Apr 93 (TAB A) this information is provided.  Advances in
telecommunications have created the opportunity for public use of
encryption to ensure the privacy and integrity of business and
personal communications.  These same advances threaten the
capabilities of law enforcement and national security operations that
intercept the communications of narcotraffickers, organized
criminals, terrorists, espionage agents of foreign powers and a broad
range of SIGINT targets.  Diverse interests are in diametric
opposition with regard to industry's right to sell and the public's right
to use such capabilities.  A highly-emotional, spirited public debate
is likely.

	(U)  The law enforcement and national security communities
argue that if the public's right to privacy prevails and free use of
cryptography is allowed, criminals and spies will avoid wiretaps and
other intercepts.  They propose that cryptography be made available
to the public which contains a "trapdoor" that would allow law
enforcement and national security officials, under proper
supervision, to decrypt enciphered communications.  Such
cryptography exists, and while there are many practical problems to
be solved, this proposal is technically possible to implement.

	(U)  Opponents of the proposal argue that the public has a
right to and expectation of privacy, that such a system would be
prone to misuse and abuse, and that the proposed solution would not
work in any practical sense.  They assert that criminals and spies will
not hesitate to use secure cryptography supplied by offshore
companies.  Thus, the loss of privacy would outweigh any
advantages to law enforcement or national security.

	(U)  The computer industry points out that it has one of the
few remaining positive trade balances and that it is vital that the
dominance of the American computer industry in world markets be
preserved.  The industry fears that this will be lost if offshore
developers incorporate high-quality cryptography into their products
while U.S. industry either cannot do so or suffers higher costs or
delays due to requirements for export licenses because of strict
controls of export of cryptography.  The industry argues persuasively
that overseas markets (much less drug lords or spies) will not look
with favor on U.S. products which have known trapdoors when
offshore products which do not have them are available.

CLASSIFIED BY:	DASD(CI&SCM)
DECLASSIFY ON:	OADR


	[This page originally XXXXXXXX SECRET; now UNCLASSIFIED]


	(U)  The national security community is especially interested
in preventing the spread of high-quality encipherment routines
overseas, and argues that more extensive use here at home will
inevitably result in such a proliferation.  This would increase the cost
of performing the SIGINT mission or decrease the amount of
intelligence, or both.  The Data Encryption Standard (DES) is
already widely available throughout the world in both hardware and
software forms, and DES software can be downloaded anywhere in
the world from public bulletin boards by anyone with a PC, a
MODEM, and a telephone.  Thus far, widespread availability has not
led to widespread use.  However, widespread availability of DES and
RSA will make it possible for offshore developers to provide high-
quality encipherment for voice and data communications in
competition with U.S. industry's products.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX The entire paragraph that follows was originally withheld as XX
XXXX classified information.  We appealed the withholding, and XXXXX
XXXX most of the paragraph was released, with only one or two XXXXXX
XXXX sentences withheld at the bottom. XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  [(S) crossed out, replaced by] (U)  Trapdoor encryption technology is
not essential to the debate since a system that required the escrow of
keys by users of cryptographic technologies could be established even
if the trapdoor chips did not exist.  Proposed use of trapdoor
technology does raise a further complication: neither the academic
community nor private industry is comfortable with encryption
algorithms that are kept secret, as will be the case with the trapdoor
chip.  It has been suggested that an independent panel of cryptography
experts will be invited to evaluate the algorithm.  This will not
reassure the community at large that there are no unrecognized
vulneratilities, since the panel will be perceived as captive and
tainted.  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXX One or two sentences blacked out via FOIA exemption (b)(1) XXXX

	(U)  The President has directed that the Attorney General
request that manufacturers of communications hardware use the
trapdoor chip.  The Attorney General has also been directed to create
a system for escrow of key material.  The Secretary of Commerce
has been directed to produce standards based on the use of the
trapdoor chip.  The President has also directed that the fact that law
enforcement officials will have access to the keys will not be
concealed from the public.  National security officials are not
mentioned.

	(U)  The new administration is committed to the development
of an information superhighway and a National Information
Infrastructure in support of the economy.  This worthy goal is
independent of arguments as to whether or not law enforcement and
national security officials will be able to read at will traffic passing
along the information superhighway.  A full-scale public debate is
beginning which will ascertain the wishes of U.S. citizens with
regard to their privacy and the impact on public safety of preserving
privacy at the expense of wiretapping and communications intercept
capabilities of law enforcement and national security personnel.  It is
not clear what the public will decide.  In the meantime, DoD has
trapdoor technology and the Government is proceeding with
development of the processes needed to apply that technology in
order to maintain the capability to perform licit intercept of
communications in support of law enforcement and national security.

Prepared by:  Dan Ryan/ODASD(CI & SCM)/x 41779/28 Apr 93/OSD
-- 
John Gilmore                gnu@toad.com  --  gnu@cygnus.com  --  gnu@eff.org
  ``This committee has not tried to determine whether the National Security
  Agency tendency to advance exaggerated claims of authority ... stems from
  conscious policy or the actions of individual NSA employees.''
The Government's Classification of Private Ideas, House Report 96-1540, p. 67





Thread