1994-01-07 - Crypto Controls in the USA

Header Data

From: Michael Johnson <mpj@csn.org>
To: cypherpunks@toad.com
Message Hash: 77448fcb4dbb7ea04e7ea2e8f4196fb9524037ad6f120df0df3b978be46333d1
Message ID: <199401071333.AA01463@teal.csn.org>
Reply To: N/A
UTC Datetime: 1994-01-07 13:34:41 UTC
Raw Date: Fri, 7 Jan 94 05:34:41 PST

Raw message

From: Michael Johnson <mpj@csn.org>
Date: Fri, 7 Jan 94 05:34:41 PST
To: cypherpunks@toad.com
Subject: Crypto Controls in the USA
Message-ID: <199401071333.AA01463@teal.csn.org>
MIME-Version: 1.0
Content-Type: text/plain


                 Data Encryption Software
                         and
                 Technical Data Controls
                        in the
                 United States of America

Copyright (C) 1994 Michael Paul Johnson
PO Box 1151
Longmont CO 80502-1151
USA

mpj@csn.org

303-447-7302

Distribute unmodified copies freely.

7 January 1994


1.   Introduction
2.   Problems with the Status Quo
2.1.   Regulations Ignore Technology
2.2.   Overly Broad Definition of "Encryption Software"
2.3.   Overly Broad Definition of Export
2.4.   Censorship and the First Amendment
3.   National Security Issues
3.1.   Signals Intelligence
3.1.1.    Enemy Signals
3.1.2.    Bugs & National Technical Means
3.2.   Counter-Intelligence Activities
3.3.   Our Military and Diplomatic Communications
3.4.   Banking Transactions
3.5.   Domestic Personal and Corporate Communications
3.6.   Authentication in the Private Sector
3.7.   Upholding the Constitution
3.8.   Law Enforcement
3.9.   Technology Base Migration and Loss
4.   Technology Issues
4.1.   Availability of Computers
4.2.   Telephone Lines and Modems
4.3.   The Internet
4.4.   Information Services and Bulletin Boards
4.5.   Books and Magazines
4.6.   Availability of Encryption Software
4.7.   DES is Dying
4.8.   Unbreakable Encryption
5.   Economic Issues
5.1.   International Trade
5.2.   Cryptographic Competition
5.3.   Domestic Chilling Effect
6.   Regulatory Issues
6.1.   Clarity of Regulations and their Intent
6.2.   The First Amendment
6.3.   Enforcement
6.4.   Consistency with Technology
7.   Recommendations
7.1.   Reevaluate National Security Impact
7.2.   Deregulate Publicly Available Information
7.3.   Deregulate Research and Publication
7.4.   Replace DES with Better Public Standard
7.5.   Control NSAs Cryptographic Technology
7.6.   Alternate Intelligence Methods
7.7.   Alternate Law Enforcement Methods
7.8.   Clarify & Repair Export Regulations

1.  Introduction

The current status of the regulation of encryption software in 
the United States of America is, at best, confusing and harmful 
to business.  At worst, the current status is harmful to 
National Security and violates U. S. Constitution.  I invite you 
to study this issue with me.  I present what I perceive to be 
the problems and the issues that must be considered, then 
suggest some solutions.  Even if you don't fully agree with all 
of my statements, I hope that they prove helpful to your own 
understanding of this situation.

2.  Problems with the Status Quo

I perceive several problems with the current International 
Traffic in Arms Regulations (ITAR) far beyond typos like the 
reference to $120.10(d), which doesn't exist, in $120.10(1).  
These problems are severe enough that I hope that they will be 
rectified soon before they do even more damage.  All of the 
problems with the ITAR mentioned here have to with encryption 
software, as defined in the ITAR.

2.1  Regulations Ignore Technology

The ITAR ignores the fact that software, like other technical 
data, can exist in a multitude of forms, many of which know no 
national boundaries.  The ITAR ignores the fact that much of 
what is prohibited to be exported exists in unlimited quantities 
outside the USA.  The ITAR hurts U. S. Business but doesn't 
significantly reduce the availability of strong encryption 
technology outside the USA.  The ITAR ignores the widespread use 
of purely electronic means to distribute software, such as the 
Internet, Computer Bulletin Board Systems (BBS), and commercial 
information services (such as CompuServe).  The ITAR ignores the 
fact that shareware publishing, which is a form of 
Constitutionally protected publication, propagates software all 
over the world with no formal distribution mechanism.

2.2  Overly Broad Definition of "Encryption Software"

"Encryption software" is defined in $121.8(f) and $121.1, 
Category XIII(b) to include not only computer programs designed 
to protect the privacy of information, but all of the technical 
data about those programs.  This naturally includes a great deal 
of material in any large library or book store.  William B. 
Robinson, Director of the United States Department of State, 
Bureau of Politico-Military Affairs, Office of Defense Trade 
Controls, states in his letter to me of 30 November 1993, that 
"the exemptions listed in $125.4 for technical data do not apply 
to cryptographic software and source code."  I conclude, 
therefore, that the ITAR implies that the majority of the 
libraries and larger bookstores in the United States stock 
"munitions" on their shelves for anyone to read.

2.3  Overly Broad Definition of Export

$120.17 of the ITAR makes it clear that allowing a foreign 
person to read a book containing encryption software constitutes 
export.  Therefore it seems possible that some perverse person 
might state that all of the libraries and bookstores that 
contain any book on cryptography must register as an exporter of 
munitions.  This situation gets even more interesting in its 
electronic analogies.  However, restricting domestic 
distribution of technology that is perfectly legal and useful 
within the USA just because a foreigner might see it is not only 
unreasonable, it could probably not stand a Constitutional 
challenge.

2.4  Censorship and the First Amendment

The ITAR does make some acknowledgment of the fact that not all 
of the publications that it calls "encryption software" need be 
subject to export restrictions, but doesn't even come close to 
defining the difference.  All it does is set forth a censorship 
procedure called a "Commodity Jurisdiction Procedure" (see 
$120.4).

From what I know of the First Amendment and Constitutional case 
law (I'm not a lawyer, but I took a class on the subject), the 
only way the Federal Government can legally take away U. S. 
Citizen's rights to freedom of speech or freedom of the press is 
when there is a clear danger that is caused by that expression, 
or a significant infringement of the rights of another person.  
The classic examples of this are yelling "FIRE" in a crowded 
theater, or committing libel or slander.  In the case of 
technical data concerning encryption software that is already in 
the "public domain" (as defined in the ITAR for technical data), 
the damage (or benefit), if any, is pretty much already done and 
further publication probably makes little difference.  I believe 
that any definition of what is a munition that makes the 
nation's bookstores and libraries appear to be exporters of 
munitions is not just ridiculous, it is unconstitutional.

When I tried to get clarification from the Department of State 
on what the rules that they applied when performing their 
censorship role (Commodity Jurisdiction Proceeding) were, all I 
got back was two letters, one that clarified a point made muddy 
by a typo in the ITAR and gave no help beyond the ITAR itself, 
and one form letter that said that the Department of State would 
not deal with hypothetical questions (even though most of my 
questions weren't purely hypothetical).

This serious Constitutional question casts doubt on the 
enforceability of any of the regulations in the ITAR against any 
encryption software.  It could be difficult to prove that the 
publication of a particular piece of technical data or computer 
program caused specific, measurable damage resulting from 
intentional export without a license (even if you could figure 
out who exported it).  Yet, there cannot be any restriction to 
U. S. Citizen's freedom of speech and freedom of the press 
unless it can be proved that damage resulted from that speech.

3.  National Security Issues

"National Security" means a lot of things.  It means maintaining 
the integrity and safety of our Constitution, our people, our 
land, and our environment.  It means the ability to defend 
ourselves against anyone or any thing that would seek to harm 
us.  Our freedom, constitutional democracy, and fairness to all 
citizens are our greatest protection against internal threats.  
This gives us the strength and will to have a strong diplomatic, 
economic, and military force to protect us against external 
threats.

3.1  Signals Intelligence

In the context of encryption software, the most obvious 
connection to National Security (if you ask the NSA) is the 
impact on intelligence operations.  In the process of spying on 
enemies, it is a lot safer to listen to what they are doing 
remotely than to send a person in to spy.  The two main ways of 
doing this are (1) to listen to and/or alter signals that they 
generate for their own purposes, and (2) to listen to signals 
emanating from devices that we have placed for the purposes of 
listening.

3.1.1  Enemy Signals

Enemy signals may include telemetry, radio transmissions on 
various frequencies for various purposes, telephone 
conversations, computer data links of various sorts, etc.  These 
all may provide some kind of clue as to what evil deeds they may 
try to perpetrate on us next, or may indicate significant 
vulnerabilities for us to exploit in war time.  The enemy knows 
that we know this, and will probably try to protect at least 
some of their signals using encryption, deception, jamming, or 
data hiding (steganography).

It is possible that an enemy might use some of our own 
encryption technology against us.  The enemy may either directly 
use a commercial product to hide the meaning of communications 
from us, or use some published technology originated in the USA 
and other free countries to build their own systems.  They may 
also add their own secret innovations to what they learn from 
us.  Of course, there is also the consideration that an enemy 
would prefer to use cryptographic technology of their own 
design.  This would give them the advantage of not letting us 
know which algorithm they are using.  It would also deprive us 
of the huge head start we have on cryptanalysis of things like 
the ancient Data Encryption Standard (DES).  This may not be 
enough to stop me from protecting a proprietary cookie recipe 
with the DES algorithm (or the triple DES variant if the cookies 
tasted good and weren't fattening), but it would be a 
significant consideration for a nation planning to bomb Pearl 
Harbor.  DES is probably a bad example, since everyone on planet 
Earth who really cares already has a copy of a program that does 
DES encryption, or can get one in a few minutes.

Using a commercial product like a spread sheet or data base 
program that does encryption only as an extra feature against us 
is something of a problem for an enemy, since such products are 
not normally well suited to the applications needed in military 
and diplomatic situations.  Imagine giving a field commander a 
laptop computer with a U. S. commercial spread sheet program on 
it to decrypt orders from his commander.  I may underestimate 
the silliness of our enemies, but I don't think that this is 
likely.  A much more tamper-resistant device with better key 
management would be much more appropriate for a military or 
diplomatic application.  Use of our publicly available 
encryption design technical data in building more appropriate 
military communications security devices is a more likely threat 
in the case of a clever adversary.  The only consolation in this 
case is that we also have access to this same data as an aid to 
cryptanalysis.

In the extreme case, strong cryptographic technology could 
become so readily available and easy to use that most of the 
interesting signals generated by enemies for their own purposes 
are encrypted in such a way that we cannot decrypt or subvert 
the communications without stealing their keys.  In that case, 
all nations might have to behave like gentlemen (and not open 
the other's mail or read their electronic communications).  Then 
again, that is probably too idealistic to expect.  It is more 
likely that mankind will only figure out other ways of spying on 
each other.

3.1.2  Bugs & National Technical Means

Even if the enemy takes great care to protect the secrecy and 
integrity of their own communications channels, we can still spy 
on them.  Listening devices can be made so small and have such 
inconspicuous output that they can be almost impossible to 
detect or jam when planted properly.  It takes very little power 
to send a signal to a nearby relay to a satellite, and many 
varieties of listening devices can be used.  Even if an enemy 
becomes wise to one kind, another kind may be in use.  Suffice 
it to say that all the encryption technology in the world could 
not cut off this source of intelligence, since all valuable 
intelligence exists in the clear at some point.  If it didn't, 
it would be of no value to the originator and intended 
recipient.

Public use of strong cryptographic technology may limit the 
points where listening devices must be planted to be of value, 
but can never totally cut off this sort of intelligence.  
Increases in knowledge cryptography and steganography may help 
this sort of spying more than hinder it.

3.2  Counter-Intelligence Activities

Increased public use of strong cryptography makes it easier for 
a spy to obtain a good cryptosystem.  It also makes it easier to 
send encrypted messages without arousing suspicion.  That is 
good for our spies, but bad for detecting spies in our own 
country.  Then again, it would be a pretty inept spy (ours or 
theirs) who could not now obtain a good cryptosystem and send 
messages home without arousing suspicion, under conditions much 
worse than the USA right now.  Of course, increased public use 
of strong cryptography also makes it harder for a spy to find 
valuable data to send back home.  I think that the net effect 
will be that spies in the USA (and some other developed nations) 
will be harder to catch, but less effective.

3.3  Our Military and Diplomatic Communications

The greatest contribution of cryptography to our National 
Security is in protecting our own military and diplomatic 
communications from eavesdropping or alteration.  Communications 
of this nature must be private, must be authentic (not an 
alteration or forgery), and must not have been altered in 
transit.  Increased public use of strong cryptography can only 
help us to keep our most sensitive communications private.  This 
is because there will be more encrypted traffic to attempt 
attacks on, making traffic analysis harder.  It also may be that 
discoveries made in the private sector help in the design and 
evaluation of military and diplomatic cryptosystems.

3.4  Banking Transactions

We do so much banking electronically that failure to use strong 
cryptography to protect these transactions would be criminally 
negligent.  It would be like not locking the vault and bank 
doors and not posting a guard.  The importance of the integrity 
of our banking system to our economic well-being is obvious.  
The cryptographic protection must also be economical, just as 
the bank buildings, vaults, and other security systems must be, 
or the banks will not remain competitive.  We must balance the 
cost of protection with the value of what is being protected.  
Strong cryptography usually doesn't cost much more to implement 
than weak cryptography, and may save a whole lot of money if it 
can prevent some fraud.

3.5  Domestic Personal and Corporate Communications

Although there are strict and fairly consistent guidelines for 
the protection of U. S. Government classified information, the 
private sector is much more vulnerable.  Some companies are very 
security conscious, but some are not.  Those which are not are 
easy targets for foreign and domestic spies, either working for 
governments or competing corporations (or both).  Encouraging 
good security practices in the private sector, including use of 
strong cryptography, use of good crosscut shredders, etc., makes 
the USA more secure against this threat.

Protection of personal communications with encryption is good 
for privacy, just as locks on doors and curtains on windows are. 
 It becomes very important in some cases, such as when a 
battered person is hiding from a stalker that is still at large, 
or when coordinating activities that might attract criminals 
like shipping diamonds.  Encryption technology can help reduce 
crime, just like dead bolt locks.  Just as I prefer to manage my 
own dead bolt keys, I'd rather not be forced to escrow a master 
key to my data with Big Brother.  This isn't because I do 
anything evil with my dead bolts or cryptographic software, but 
because I love freedom.  This preference is nearly universal 
among users of cryptography, and the countries and companies 
that cater to this desire will have a big economic advantage.

3.6  Authentication in the Private Sector

Encryption technology is the only way to provide a signature on 
a digital document.  Nothing is totally fool proof, but digital 
signatures, when done properly, are much harder to forge or 
refute than pen and ink signatures on paper.  Electronic 
documents can be transmitted faster and with higher fidelity 
than faxes, and the ability to sign them will be a great aid to 
quickly and conveniently doing business with remote customers 
and suppliers.  As contract case law and technology evolve, this 
will become more and more important to our economy.

3.7  Upholding the Constitution

Citizens of the United States of America have a right to privacy 
guaranteed by the Constitution's Bill of Rights.  This quaintly 
stated right to be secure in our papers and effects is highly 
cherished.  The advance of technology has eroded privacy.  
Corporations like Tandy openly track their customer's names, 
addresses, buying habits, then shower them with junk mail.  
Credit bureaus keep massive amounts of (often incorrect) data on 
people all over the country -- information that is supplied to 
lenders and in the form of prescreened mailing lists for 
solicitors.  Government organizations keep records of real 
estate transactions, census data, and other such records that 
are used by solicitors to pester owners of houses in selected 
neighborhoods.  Hospitals keep your patient records on computer 
systems that can be accessed by many people.  Cellular and 
cordless telephones are trivial to monitor without physically 
tapping any wires, and legislated privacy in these areas is 
unenforceable.

Strong encryption can bring back part of the privacy that has 
been lost to technology.  No law can keep spies and criminals 
from listening to phone calls made over radio links (including 
microwave and satellite links for normal phone calls), but 
encryption can make those calls unintelligible to criminals and 
other unauthorized listeners.

3.8  Law Enforcement

The proper use of encryption technology by law enforcement 
officers helps deny knowledge of monitoring operations to 
criminals and fugitives.  It helps them to keep records private 
and protect under cover agents.  It helps prevent tampering and 
deception from being used against them in their own 
communications.  Unfortunately, this is a two-edged sword.  
Strong encryption technology can also be used by criminals to 
thwart the efforts of law enforcement officers to gather useful 
information from court authorized wire taps.

Strong cryptography also provides a "safe" way for a criminal to 
keep records of nefarious deeds that cannot be read by the 
police and used as convincing evidence leading to a conviction.  
Of course, fewer such records might be kept in the absence of 
strong cryptography, and some records kept in this manner might 
not be all that useful in obtaining a conviction.  This is not 
very assuring to law abiding citizens and law enforcement 
officers, who want dangerous criminals to be caught well before 
they meet the Ultimate Judge in Heaven.  Fortunately, most of 
the investigative tools available to law enforcement officials 
are not affected by strong cryptography.  It is also likely that 
anyone stupid enough to engage in criminal activity is likely to 
screw up in some way that leaks information about their actions. 
 Murder, terrorism, rape, and other violent crimes are not all 
that hard to commit (for those devoid of conscience or with the 
twisted conscience of a kamikaze), but these crimes are very 
difficult to get away with.

3.9  Technology Base Migration and Loss

When a technology is discouraged by over-regulation, taxation, 
or other means, that technology becomes less profitable in the 
country where it is discouraged.  Less profitable technologies 
are not invested in as heavily.  Therefore, the technology in 
that country will tend to fall behind.  Right now, it appears 
more profitable to develop an encryption product for sale in 
many other countries than in the USA because export of this 
technology from the USA is discouraged but import is not.  An 
entrepreneur in New Zealand has an unfair advantage against one 
in the USA.  The New Zealander is not required to cripple key 
lengths or deal with unreasonable and unreadable regulations 
like our ITAR.  This means that encryption technology in the USA 
will tend to atrophy while it prospers in other countries.  This 
is bad for National Security.

4.  Technology Issues

Any policy concerning encryption software that is to make sense 
must take into account the realities of the current state of the 
art in the applicable technologies.  Failure to do so could at 
best lead to confusion, and at worst do much more harm than 
good.

4.1  Availability of Computers

It doesn't take a lot of computing power to perform strong 
encryption (locking data up).  It often takes a great deal of 
computing power to do serious cryptanalysis (unlocking data 
without the key).  Strong encryption can be done with almost any 
microprocessor on today's market.  The original IBM PC (now 
greatly outclassed by the current desktop computers) has more 
than enough computing power to lock up significant amounts of 
data so tight that all the spy organizations in the world 
combined could not unlock it for thousands of years or more.  
This class of computer is available in essentially any developed 
or semi-developed country in the world.

4.2  Telephone Lines and Modems

There are still places in the world that don't have easy access 
to telephone lines, but they are growing fewer all the time.  
The places that do have telephones, computers, and modems are 
those places where encryption technology is the most useful.  Be 
they friend or foe, these places all have one thing in common.  
They are only a telephone call or two away from strong 
cryptographic software if they know where to call, and it isn't 
that hard to find out.  Since many telephone connections are by 
satellite, and since international telephone traffic is not 
routinely monitored and censored by most free nations, any 
technical data (including encryption software) can be 
transmitted across almost any national border unhindered and 
undetected.

4.3  The Internet

The Internet has grown to such a large, international collection 
of high speed data paths between computers, that it has become, 
among other things, one of the most effective examples of 
international freedom of expression in existence.  Physical 
distances and political boundaries become irrelevant.  I can 
peruse data posted for public access on university and corporate 
computer systems on five continents and many islands, no matter 
if I'm in the USA or in Russia.  This is a powerful research 
tool.  News groups provide discussion forums for subjects 
technical and nontechnical, decent and obscene, conservative and 
liberal, learned and ignorant, from Animal husbandry to Zymurgy, 
and more.  The Internet provides easy access to lots of strong 
cryptographic technology and software that can be reached from 
any nation with a connection to the Internet.  A great deal of 
this data originated from outside the USA.

The most complete and up to date collections of encryption 
software on the Internet are published for anonymous ftp from 
sites outside the USA.  (Anonymous ftp sites are computer 
systems that allow anyone to log in with the name "anonymous" 
using the file transfer protocol program called "ftp" to 
transfer files to their own system).  There are several ftp 
sites in the USA that carry some encryption software, and they 
have varying degrees of barriers to export.  Some sites make no 
attempt at all to limit access to encryption software.  Some 
sites are very effective at not allowing export, but are totally 
ineffective at distributing software domestically because of the 
hassles they impose on users (who can just as easily get the 
same stuff from Italy).

The strongest barrier to export that I've seen used at a U. S. 
domestic ftp site for encryption software that doesn't totally 
defeat most of the advantages of this form of software 
distribution is the one used at rsa.com for the distribution of 
their RSAREF package and RIPEM.  The idea is to force you to 
read a text file containing an anti-export warning before you 
can find the data you are after.  The text file that contains 
the warning also contains the name of a hidden directory that 
changes periodically.  The encryption software is in the hidden 
directory.  Naturally, this doesn't prevent an unwelcome 
intruder from stealing the data anyway, but the moral barrier 
presented probably reduces the number of "exports" from that 
site initiated by people in other countries.  I support RSA Data 
Security, Incorporated's right to publish this data, even though 
I have observed copies of this data on several foreign computer 
systems.

I tried hard to think of a better solution (and even called the 
Department of State and the NSA for ideas), but there is 
basically no way to widely and freely publish any data in the 
USA without making it possible for a foreigner to steal that 
data out of the country.  Even if the data is confined to 
physical packages and sold or placed in libraries only in the 
USA, there is nothing to prevent someone (either a U. S. or 
foreign citizen) from buying or borrowing a copy, then 
transmitting a copy of that copy out of the country.  Even if 
positive proof of citizenship is required before release of the 
data, all it takes is one citizen to release a copy of the data 
outside the USA.  You might argue that there would be a strong 
moral barrier against this, but remember that all it takes is 
one.  What does it matter to someone if they send a copy of 
encryption software to a friend or relative in another country 
so that they can send private electronic mail back and forth?  
All it takes is one copy out of the country, and that copy can 
be copied any number of times.  If rabbits multiplied so easily, 
we would all quickly drown in them.

The bottom line is that the best solution to balancing freedom 
of the press and the ITAR for encryption software ftp sites is 
just an annoyance for the intended users and a way to make it 
impossible to prove that the operators of the site intended to 
break any valid law.  This may or may not have any bearing on 
the proliferation of encryption technology outside of the USA.  
I am not a lawyer, but I know RSA Data Security, Incorporated, 
has lots of them, and I don't believe they would do anything 
stupid.

4.4  Information Services and Bulletin Boards

CompuServe, America Online, Genie, Bix, Delphi, and other 
similar services offer massive amounts of data, including 
encryption software and technical data, to callers.  They often 
act as common carriers between correspondents who carry this 
data themselves, and really don't know the contents of what they 
are carrying.  Other times, they are well aware of what they 
have.  For example, CompuServe publishes a magazine promoting 
some of the shareware that they carry, and featured some 
encryption software in an article in their November 1993 issue.  
These information services also serve customers outside of the 
USA.  Indeed, it would be very difficult not to do so, even if 
they didn't want to bring some foreign money into their hands.

Computer bulletin board systems vary in size from hobby systems 
running on a single PC in a home to large commercial systems.  
Some are run as a hobby, some as a means of providing technical 
support to customers, and some as profit-making information 
services.  A very large number of these systems have encryption 
software on them with no export controls expressed, implied, or 
implemented.  Indeed, many of the operators of these systems 
would laugh in your face if you claimed they were trafficking in 
arms.  These systems are normally accessible from anywhere with 
a telephone, computer, and modem.

4.5  Books and Magazines

Encryption software and technical data about it can be found in 
a large number of books and magazines in libraries, book stores, 
and by subscription in and out of the USA.  Some of these have 
companion disks that can be ordered separately or that are bound 
in the back of the book.  Some have associated postings on an 
information service.  Some have printed computer program source 
code listings in them.  In those rare cases where the book and 
disk sets are not distributed by the publisher outside the USA, 
it is almost certain that the books and disks will appear 
outside the USA, because most book stores don't restrict their 
sales to U. S. Citizens.  Indeed, to do so sounds rather fascist 
and unamerican:  "Let me see your citizenship papers before you 
buy a book!"  This country is both more pleasant and a lot more 
secure without such nonsense.

4.6  Availability of Encryption Software

There is already a large number of free or very inexpensive 
software packages available internationally from various 
information services, computer bulletin boards, Internet ftp 
sites, and commercial packages available off the shelf.  These 
include:

    o Many DES implementations originating from many 
      countries.

    o Several packages that implement the Swiss IDEA cipher.

    o Several packages that directly implement triple-DES.

    o Assorted implementations of published algorithms, some 
      of which probably exceed DES in strength.

    o Assorted programs (such as utility packages, spread 
      sheets, database programs, and word processors) that 
      include some form of encryption that is incidental to
      their main function.  The security of the encryption 
      varies from so poor that it should be called false 
      advertising (like that used in Microsoft Word), to 
      probably good against all but professional cryptanalysts
      (like PKZIP), to fairly decent implementations of DES or
      better.

    o Numerous proprietary algorithms, many of which probably 
      claim greater security than they merit, but some of which
      may be very good.

    o A few encryption packages that effectively use a 
      combination of the RSA public key encryption algorithm and
      a block cipher (DES, triple DES, or IDEA) to encrypt
      electronic mail.

    o Several cryptographer's tool kits that implement large 
      integer arithmetic over finite fields, fast DES, IDEA,
      and RSA implementations, and other data that facilitates 
      including these functions in other programs.

There are also a few cryptanalytical programs floating 
around internationally to assist in cracking insecure 
cryptosystems like the password protected files of Microsoft 
Word and WordPerfect.  In most cases, this software encryption 
and cryptanalytical software cannot ever be eradicated (even if 
you think it should be), because there are so many copies held 
by people who think that this software is a Good Thing.  Any one 
copy can be copied again as much as desired.  Hiding software is 
much easier than hiding elephants.

The bottom line is that the cat is out of the bag, so to speak, 
and no amount of regulation can ever put the cat and all its 
millions of kittens back in again.

4.7  DES is Dying

DES was doomed to a limited lifetime from the beginning by 
limiting its key length to 56 bits.  This was probably done 
intentionally, since there was much opposition to this decision 
at the time.  It is also possible that this key length may have 
been an indication from the NSA that because of differential 
cryptanalysis, the strength of the algorithm didn't justify a 
larger key.  Now a paper has been published that shows how DES 
can be cracked for an amount of money that is within the budgets 
of many nations and corporations (Efficient DES Key Search, by 
Michael J. Wiener, 20 August 1993).  Schematic diagrams of 
showing how to build a device to accomplish this task are 
included in the paper, which has been distributed 
internationally electronically.  I would be very surprised if 
one or more of the world's major intelligence gathering 
organizations had not already built DES cracking machines of 
greater sophistication than Michael Wiener's.  The only reason 
that I say that DES is not totally dead is that it is still 
useful in some cases, for the same reason that physical locks 
that can be picked with a pocket knife or credit card in a 
matter of seconds are still sold and used.  DES encryption does 
help keep unauthorized, honest, ladies and gentlemen out of your 
proprietary and personal data.  When used in its triple DES 
variant, it might even keep dishonest people with big budgets 
and lots of motivation out of your private data.

4.8  Unbreakable Encryption

One very well known algorithm (called the One Time Pad), when 
properly used (i. e. with truly random keys used only once), can 
never be broken by anyone, no matter what their computing power. 
The One Time Pad has been known to the general public for many 
years, but it has not caused the end of the free world.  I've 
never heard of a case of it being used for any criminal activity 
except for spying (and there, I suppose, the use by "us" and 
"them" somehow balances out).  The One Time Pad is still used to 
protect our most sensitive diplomatic communications.  An 
implementation of the One Time Pad in software is trivial, as 
the following complete, non-hypothetical, Pascal program 
demonstrates:

program one_pad;
  uses dos;
  var infile, keyfile, outfile: file of byte;
      plain, key, cipher: byte;
begin
  if paramcount < 3 then
    begin
      writeln('Usage: one_pad infile keyfile outfile')
    end
  else
    begin
      assign(infile, paramstr(1));
      reset(infile);
      assign(keyfile, paramstr(2));
      reset(keyfile);
      assign(outfile, paramstr(3));
      rewrite(outfile);
      while (not eof(infile)) and (not eof(keyfile)) do
        begin
          read(infile, plain);
          read(keyfile, key);
    {The following single line does the encryption/decryption.}
          cipher := plain xor key;
          write(outfile, cipher);
        end;
      close(outfile);
      close(infile);
      close(keyfile);
    end
end.

The whole One Time Pad program is short enough to be written 
from memory (for an experienced programmer, anyway).  (For 
instructions on using the above program, see your local library 
or check out the sci.crypt Frequently Asked Questions document 
on the Internet.)  It could be argued that the trivial program 
above isn't a complete encryption system, since it doesn't do 
any key management.

Ladies and gentlemen, does this document contain a weapon of war 
or other munition, or is it just free exercise of the author's 
freedom of the press?  Would the ITAR prohibit the export of 
this document or not?  I claim that the U. S. Constitution 
specifically allows me to publish this document, no matter what 
the ITAR says.

5.  Economic Issues

While it seems clear that it is impossible to exercise our right 
to freely publish encryption technical data and software in the 
USA and at the same time prevent its export, it is very easy to 
economically damage the USA with encryption export controls.

5.1  International Trade

It seems that the only encryption software that can be legally 
exported for profit from the USA is either (1) crippled to 
provide weak security (i. e. only a 40 bit key with RC-2 or 
RC-4), (2) limited in function to certain purposes that do not 
cover all market needs, or (3) limited in distribution to a 
limited market.  Therefore, encryption software export is not a 
very lucrative field to enter.  How can you compete with foreign 
competitors who need not cripple their products?

5.2  Cryptographic Competition

There are sources of cryptographic software outside the USA 
where the encryption software is not crippled, and is available 
at a competitive price.  Given a choice, the full-featured, 
secure software is more likely to win.  This means that other 
countries will grow in this area and the USA will suffer 
economically.

5.3  Domestic Chilling Effect

Export controls on encryption software discourage distribution 
of strong encryption software in the USA and encourage the 
weakening of domestic software to the same inadequate standards 
forced upon exported software.  It seems better to buy (real or 
perceived) strong security from an external source than from a 
domestic, persecuted supplier.  Even though it would be 
unconstitutional for the ITAR to disallow domestic distribution 
of encryption software, few people want to be harassed by the 
federal government or become a test case where the 
unconstitutionality of the ITAR is conclusively proven in 
court.

6.  Regulatory Issues

The International Traffic in Arms Regulations are designed to 
make the world a safer place by limiting the export of weapons 
and military equipment.  It also regulates classified or 
otherwise non-public technical data about those weapons.  Most 
of the items regulated have a whole lot more to do with the 
objective of limiting arms proliferation than encryption 
software and technical data.  The subject of this document, 
however, is limited to a discussion of the regulation of 
encryption technical data and software.

6.1  Clarity of Regulations and their Intent

For a regulation to be effective and enforceable, it must be 
clear.  No one should be compelled to guess what the state 
requires or proscribes.  Indeed, how could you be expected to 
follow a law you don't understand?  There should be a clear way 
of telling what is and is not allowed without having to submit 
an item for censorship.  The intent of the regulation should 
also be clear, so that a citizen could reasonably understand 
what the regulation is for.

6.2  The First Amendment

The ITAR cannot override the Constitution of the United States 
of America, in spite of its current claims that indicate that it 
does.  To the degree that it does violate the Constitution, it 
is null and void.  Any limitation on the freedom of speech and 
freedom of the press of U. S. Citizens must be clearly linked 
with a severe danger or denial of rights to another person that 
can be proven in court.  Worse things than encryption software 
have been upheld in court as Constitutionally protected 
expression.

When balancing defense and intelligence considerations with the 
U. S. Constitution, it is important to remember that (1) the 
whole point of defense and intelligence operations is to protect 
and defend the Constitution and the people of the United States 
of America, (2) the Constitution is the Supreme law of the land, 
and (3) federal officials and military officers in the USA are 
sworn to uphold the Constitution.

There is a theory among those involved in private sector 
cryptography in the USA that there is an official or 
semi-official policy of discouraging strong cryptography within 
the borders of the USA, while giving the appearance of 
supporting it.  There is evidence to support this theory in 
certain documents recently obtained under the Freedom of 
Information Act by John Gillmore and released to the public.  
This theory also explains a whole lot of otherwise difficult to 
explain circumstances.  Because such a policy, if openly stated, 
would sound stupid at best and like treason against the 
Constitution at worst, it is not openly stated as such.  Export 
control regulations and patent law appear to have been used as 
tools to carry out this policy of discouraging strong 
cryptography for the general public.  In the event this scandal 
is even partially true, then the policy must be reexamined.  
This policy might not exist, but some alternate explanations for 
some of the evidence is even more disturbing.

6.3  Enforcement

A regulation that cannot possibly be enforced is of questionable 
value, at best.  Ideally, it should be possible to detect all 
violations and demonstrate beyond the shadow of a doubt to a 
judge and jury that the violation was perpetrated by a specific 
person or persons.

6.4  Consistency with Technology

Regulations cannot ignore technology, math and science.  
Regulations cannot redefine pi to be exactly 3, repeal the law 
of gravity, or stop radio waves at national boundaries.  In the 
same way, regulations (like the ITAR) that treat public 
information like tanks, guns, and nuclear weapons make no 
sense.

7.  Recommendations

So far, I have pointed out problems and considerations that 
cannot be satisfied concurrently.  On the other hand, it is 
possible to do much better than current regulations do.

7.1  Reevaluate National Security Impact

A study of the total impact of public use of strong encryption 
software should be made that includes all of the considerations 
mentioned above, as well as classified data concerning just how 
much impact (if any) such software (which is widely available 
now and projected to increase in both quality and quantity) has 
on current U. S. and foreign intelligence operations.

7.2  Deregulate Publicly Available Information

Export controls on publicly available information, including 
encryption software and technical data, are not only 
ineffective, unenforceable, unclear, and damaging to U. S. 
business interests, they are likely to be ruled unconstitutional 
in any serious challenge.  Deregulating this information would 
help the U. S. economy, increase the use of strong encryption 
software in the places where it does the most good, and have 
minimal negative effects.  Since so much strong encryption 
technical data and software is available now, it is unclear if 
any additional negative effects would even be enough to measure. 
 The desired effects of better security and technology in the 
USA and a healthier economy would, however, be substantial.

7.3  Deregulate Research and Publication

Research and publication of scholarly work in the international, 
public forums benefit the USA.  The fact that this also benefits 
other nations does not diminish the value to the USA.  This does 
not prevent the NSA from conducting classified research within 
its security boundaries that is not available to the 
international community.  It does prevent the NSA or any other 
government agency from interfering with or discouraging any work 
in the field of cryptography outside its own facilities.  The 
NSA should maintain technological superiority by its own merit, 
not by crippling all domestic competition.

7.4  Replace DES with Better Public Standard

DES is old and its key length is too short.  The public wants a 
more secure encryption standard that is fully public and can be 
used in software implementations.  The Swiss IDEA algorithm is 
one likely alternative, but it would be better if an algorithm 
that is royalty-free (like DES) could be made an official 
standard.  Clipper/Capstone key escrow is not the answer to this 
need, although it might be useful within the Federal 
Government.

Several possible replacements for DES have been suggested.  One 
that is much stronger than DES (and slightly stronger than IDEA) 
and can be used royalty-free is the MPJ2 Encryption Algorithm, 
which has been donated to the Public Domain by the inventor.  
Technical details on this algorithm have been published, and are 
available to U. S. Citizens in the USA.

7.5  Control NSA's Cryptographic Technology

While it is unreasonable to think that the general public's 
cryptographic technology could possibly be confined to any one 
country, it is not so difficult to control the technology in a 
single organization such as the NSA.  The NSA should be, with 
very few exceptions, a trap door for information on cryptography 
and cryptanalysis.  They should strive to stay ahead of the 
general public in these fields, and should not confirm or deny 
what they can and cannot do to the general public without a 
conscious decision by competent authority to do so (for example, 
to endorse a DES replacement).  In like manner, the NSA should 
not discourage or encourage any cryptographic technology outside 
of their walls but still inside the USA.  Of course, even an 
endorsement by the NSA is suspect, since their charter includes 
reading other people's encrypted traffic.  It would be better, 
in my opinion, to preserve the NSA as a national treasure of 
cryptographic expertise by dealing with public encryption 
standards totally within the Department of Commerce, National 
Institute of Standards and Technology (NIST).

It is probable that someone in the USA (or another country) will 
independently invent something that someone inside the NSA has 
invented, and that person will be honored with fame and fortune 
publicly for what has already been done privately within the 
NSA.  This should never be construed as an excuse to censure the 
public invention.  Indeed, to do so would leak information about 
the NSA's technology level and capabilities to the outside 
world.

7.6  Alternate Intelligence Methods

To mitigate the effect of the inevitable improvement in both the 
quality and availability of strong encryption software and 
hardware all over the world, it would be wise to invest in 
alternate intelligence methods, such as harder to detect and 
easier to place bugs.  Subtle long range bug delivery 
mechanisms, relay devices, etc., could pay back great dividends 
in intelligence value for the money for use in those cases where 
strong encryption makes cryptanalysis impossible.

7.7  Alternate Law Enforcement Methods

There are many ways to catch a crook, no matter how 
cryptographically sophisticated.  After all, it is much easier 
to plant listening devices around a suspected drug trafficker, 
serial murderer, or whatever, in our own country (with a proper 
search warrant) than it is to try to figure out how to bug the 
command center of an enemy dictator surrounded by a loyal army.  
An encrypted phone conversation may actually lull the bugged 
suspect into a sense of false security, talking openly about 
crimes on a secure line.  An encrypted telephone does a criminal 
little good if the room or car the phone is in is bugged.

7.8  Clarify & Repair Export Regulations

My specific recommendations to clarify the export regulations 
with respect to encryption software, keep the encryption 
technology that we use for our own military and diplomatic 
communications safe, allow all reasonable commercial uses of 
encryption technology in the United States, to make the 
regulations much more enforceable, and to bring these 
regulations into compliance with the United States of America's 
Constitution follow.

$ 120.10 (1) should be altered (by removing the exception for 
software defined in a nonexistent section) to read:

(1) Information which is required for the design development, 
production, manufacture, assembly, operation, repair, testing, 
maintenance or modification of defense articles. This includes 
information in the form of blueprints, drawings, photographs, 
plans, instructions and documentation.

$ 121.1, Category XIII, subcategory (b), items (1), (2) and (3), 
should be modified to read:

(b) Information Security Systems and equipment, cryptographic 
devices, software, and components specifically designed or 
modified therefor, including: 

(1) Cryptographic (including key management) systems, equipment, 
assemblies, modules, integrated circuits, components or software 
with the capability of maintaining secrecy or confidentiality of 
information or information systems originated by the U. S. 
Government or persons working under contract to the U. S. 
Government, except for those specific items intentionally 
released by the U. S. Government to the general public or 
independently developed by a person or persons outside of the U. 
S. Government.  In case of any doubt about the status of any of 
these items, see $120.4.

(2) Cryptographic (including key management) systems, equipment, 
assemblies, modules, integrated circuits, components or software 
which have the capability of generating spreading or hopping 
codes for spread spectrum systems or equipment and which were 
originated by the U. S. Government or persons working under 
contract to the U. S. Government, and not independently 
developed outside of the U. S. Government.

(3) Cryptanalytic systems, equipment, assemblies, modules, 
integrated circuits, components or software originated by the U. 
S. Government or persons working under contract to the U. S. 
Government, and not independently developed outside of the U. S. 
Government.

The above changes have the effect of maintaining strict controls 
on the cryptosystems that we use in our own military and 
diplomatic service, but has no ill effects on the U. S. 
Constitution or economy.  It also has the effect of costing less 
taxpayer money to support censorship (Commodity Jurisdiction) 
proceedings.

$ 121.8 (f) should be modified to read (deleting the exception 
for encryption software):

(f) Software includes but is not limited to the system 
functional design, logic flow, algorithms, application programs, 
operating systems and support software for design, 
implementation, test, operation, diagnosis and repair. A person 
who intends to export software only should apply for a technical 
data license pursuant to part 125 of this subchapter.





Thread