From: Stanton McCandlish <mech@eff.org>
To: cypherpunks@toad.com
Message Hash: 0fb31996baab863b4b665312344c8eed95703811b20c3ad03530e4fddb25d02d
Message ID: <199403150024.TAA28615@eff.org>
Reply To: N/A
UTC Datetime: 1994-03-15 00:24:26 UTC
Raw Date: Mon, 14 Mar 94 16:24:26 PST
From: Stanton McCandlish <mech@eff.org>
Date: Mon, 14 Mar 94 16:24:26 PST
To: cypherpunks@toad.com
Subject: Transcript: Barlow v. Denning on America On Line, 02/10/94
Message-ID: <199403150024.TAA28615@eff.org>
MIME-Version: 1.0
Content-Type: text/plain
March 10, 1994 online debate between John Perry Barlow of the Electronic
Frontier Foundation, and Dr. Dorothy Denning, over the Clipper Chip
scheme, from the Time Online forum of America On Line.
3/10/94 8:49:41 PM Opening "Chat Log 3/10/94 CLIPPER" for recording.
OnlineHost : Good evening and welcome to the Time Online Odeon! Tonight we
look from both sides at the Clipper Chip, a semiconductor device that the
National Security Agency developed and wants installed in every telephone,
computer modem and fax machine.
OnlineHost : In his article in the current issue of TIME, Philip
Elmer-DeWitt writes: "The chip combines a powerful encryption algorithm
with a ''back door'' -- the cryptographic equivalent of the master key that
opens schoolchildren's padlocks when they forget their combinations. A
''secure'' phone equipped with the chip could, with proper authorization,
be cracked by the government.
OnlineHost: "Law-enforcement agencies say they need this capability to keep
tabs on drug runners, terrorists and spies. Critics denounce the Clipper --
and a bill before Congress that would require phone companies to make it
easy to tap the new digital phones -- as Big Brotherly tools that will
strip citizens of whatever privacy they still have in the computer age.
OnlineHost: "Lined up on one side are the three-letter cloak-and-dagger
agencies -- the NSA, the CIA and the FBI -- and key policymakers in the
Clinton Administration (who are taking a surprisingly hard line on the
encryption issue). Opposing them is an equally unlikely coalition of
computer firms, civil libertarians, conservative columnists and a strange
breed of cryptoanarchists who call themselves the cypherpunks."
RPTime: Lined up on our stage tonight are John Perry Barlow, Dr. Dorothy
Denning and Philip Elmer-DeWitt. Barlow is co-founder of the Electronic
Frontier Foundation, which promotes freedom in digital media. A recognized
commentator on computer security, he is arguing against the Clipper Chip
Dr. Denning is the chairperson of the Computer Science Department at
Georgetown University. A leading expert on cryptography and data security,
she favors the adoption of the Clipper Chip. Philip Elmer-DeWitt, TIME's
technology editor will lead the questioning of our guests. Audience
questions may be sent up using the Interact with Host function....Phil?
PhilipED: Dr. Denning, could you *briefly* make the case for why we need
the key escrow encryption system.
DDenning: The government needs a new encryption standard to replace DES.
They came up with a very strong algorithm called SKIPJACK. In making that
available, they didn't want to do it in a way that could ultimately prove
harmful to society. So they came up with the idea of key escrow so that if
SKIPJACK were used to conceal criminal activity, they would be able to get
access to the communications.
PhilipED: THanks. Mr. Barlow, could you briefly make the case *against*
Clipper. We'll see if I can be brief. We oppose Clipper in large part
because of the traffic analysis which it makes possible. We believe that it
is in the functional nature of the chip as designed to greatly enhance the
ability of government to observe who we are calling, when, and from where,
all fairly automatically and centrally. We also oppose Clipper because of
the many way in which we believe the escrow system could be compromised, by
people and institutions both inside and outside of government.
PhilipED: Dr. Denning, what about John's contention that Clipper makes it
easier to detect calling patterns.
DDenning: I don't buy this. First off, for law enforcement to access any
communications, they need a court order. Even if the communications are
encrypted. Second, with a court order, they can get access to call setup
information and find out what other lines the subject of the investigation
is talking to. This is of much more use than anything in the encrypted
stream.
PhilipED: John, is Dorothy right that you need a court order for call set
up info?
Barlow1: Dorothy, the government asked for and received over 100,000
calling records last year without a court order. I see nothing in the
Clipper documents which indicates that they would require a court order to
get this kind of information, which each chip would make readily available
to the entire network.
DDenning: You need a court order to do implement pen registers and dialed
number recorders in order to find out who is talking to whom.
Barlow1: Furthermore, my faith in court orders has been eroded by 30 years
of government wiretap abuse.
PhilipED: Aren't we talking about three different hurdles here, one for a
wiretap...
Barlow1: But that's only with the present system where putting a pen
register on a line requires physical entrance to a phone company site.
PhilipED: One for a pen register (to track calling patterns in real time)
and one for phone records.
RPTime: Let's take a question from the audience... How would you guarantee
that this facility will never be misused? If you can't make that guarantee,
why should a democratic society, with a prohibition against prior
restraint, consent to this? John Barlow?
Barlow1: There are three different sources of information, as you say. But
there are not three "hurdles." That sounds like a question for Dorothy. I
don't think we should, obviously.
RPTime: Dr. Denning?
DDenning: First of all, there has been no evidence of widespread abuse of
wiretaps since passage of the 1968 and 1978 wiretap statutes. Second, there
are a lot of security mechanisms going into it to protect against abuse.
Third, it will provide much greater protection against illegal wiretaps
than we have now, since almost all phone conversations are in the clear. It
will make virtually all illegal wiretaps impossible. Fourth, if for some
reason it doesn't provide adequate protection, we can destroy the key
databases and everyone will have absolute privacy against government
wiretaps. I don't think our society will tolerate that kind of abuse.
PhilipED: John, isn't Dorothy right that you're better off with compromised
encryption than none?
Barlow1: Gee, where to begin... First of all, there was plenty of abuse
after 1968. Remember Watergate, Dorothy? Second, I believe that Clipper in
the Net will dramatically *enhance* certain powers of...
DDenning: I was talking specifically about wiretap abuses. And there hasn't
been any evidence since the 1978 law.
Barlow1: surveillance over current technical abilities. One of the reasons
that wiretap hasn't been more abused is the bureaucratic overhead of
current practices. Make it so that it doesn't require 50 agents to conduct
a wire tap and you'll see a lot more of it. And Watergate included quite a
number of wiretap violations. Indeed, the burglers were caught trying to
install one. As to the assertion that we can always back up and destroy the
databases if we don't like it, I can't imagine that someone as bright as
yourself would believe that this is possible. Technology and power ratchet
into positions which almost never retract without a complete change in the
system of authority
RPTime: Care to respond Dr. Denning?
DDenning: Clipper would prevent the watergate burglars from getting
anywhere since they wouldn't have a court order. Clipper will not make
wiretaps cheaper or easier. Wiretaps are becoming more diffiults. And there
will always be more agents involved becasue they have to follow exacting
procedures, including minimization (throw out all conversations that are
not specific to the crime at hand).
Barlow1: Dorothy, they were from the *Government* remember? I can't imagine
that Nixon wouldn't have been able to find a sympathetic ear from somebody
at NIST and somebody else at Treasury. Further, you're not talking about
the truly insidious element of this, which is dramatically improved traffic
analysis. Content is less important than context, and most agents will
support this.
RPTime: Another question from the audience. JCMaille asks... Does the
government have a constitutional right of access to my personal
communications? Dr. Denning, why don't you go first?
DDenning: The Supreme Court ruled that wiretaps with a court order are
Constitutional. At one time, communications were not even protected under
the 4th Amendment. The government could wiretap without a court order! Now
a court order is required.
PhilipED: To put the question another way, do citizens have a right to use
powerful encryption?
DDenning: Right now there are no laws preventing the use of any encryption.
Clipper is voluntary. You can still use something else.
RPTime: We have to apologize. John Barlow has temporarily lost his
connection...
PhilipED: Dr. Denning, in your opinion... would a law outlawing powerful
encryption be unconstitutional?
DDenning: I don't think so. But that doesn't mean it will happen.
RPTime: John Barlow is back with us. Sorry for the interruption! Barlow,
Denning just said she didn't think a law banning powerful encryption would
be unconstitutional What do you say? Hi folks. Don't know what happened.
Gald to be back Gald indeed!
Barlow1: Actually, I believe that our current export embargoes are a
violation of the 1st Amendment which specify speech without regard to the
manner of speech. If we could restrict manner of speech, it would be
constitutional to require that everyone speak English. Which of course it
isn't
PhilipED: John, can you make the case why ordinary law-abiding citizens
need powerful encryption?
Barlow1: Because it is in the nature of digitally networked communications
to be quite visible. Everytime we make any sort of transaction in a digital
environment, we smear our fingerprints all over Cyberspace. If we are to
have any privacy in the future, we will need virtual "walls" made of
cryptography.
RPTime: Another audience question... Isn't this like the gun argument? If
guns are outlawed only criminals will have guns? Well, if clipper is
standardized, won't criminals be the ones NOT using it?
RPTime: Dr. Denning? If Clipper becomes the de facto standard, then it will
be the chief method of encryption. That would be what you'd get at Radio
Shack. What criminals use will depend on what is readily available and what
their cohorts are using. Both parties of a conversation have to use the
same thing. Criminals also talk to a lot of people outside their immediate
circle - e.g., to buy goods and services. Also, they can be quite stupid at
times. But the main thing is that criminals will not be able to take
advantage of the SKIPJACK algorithm as a way of concealing their
conversations. This is the whole point. It is not to catch criminals. It is
to allow people access to a really high quality algorithm in a way that
someone cannot use it to conceal criminal activity.
Barlow1: The gun analogy is excellent up to a point. I can't for the life
of me imagine why we would think that even a stupid criminal would use
Clipper if something else were available. And when I talk to people in the
administration their big hobgoblin is the "nuclear-armed" terrorist. Any
fanatic smart enough to assemble and detonate a nuclear device is going to
be smart enough to download PGP from a bulletin board somewhere. Also, I'd
like to point out that the gun analogy doesn't go the whole distance.
Crypto is by its nature a purely *defensive* technology. You can't shoot
people with it.
PhilipED: Speaking of PGP, Dr. Denning, is that encryption system secure,
in your opinion?
DDenning: I don't know of anyone who's been able to break the IDEA
algorithm that it uses.
RPTime: Back to the audience for a question from Steve HW.. This is for Dr.
Denning. What is the evidence of harm if the Clipper proposal is not
adopted?
DDenning: The harm would be to the government. They would not be able to
use it and would have to resort to something less secure. Also, Clipper is
part of a larger project to make hardware available for encryption and
digital signatures. This will be used, for example, in the Defense Message
System. The goverment needs a new standard. I personally believe that
making really powerful encryption like SKIPJACK available without key
escrow could be harmful to society. Wiretaps have been essential for
preventing and solving many serious crimes and terrorist activities.
Barlow1: Why on earth would the government have to use something else if
they failed to get the rest of rest of us to buy into this folly? Hey, they
are already using SKIPJACK. It's a government algorithm and has been in use
for a...
DDenning: CPSR and others are asking the government to drop Clipper.
Barlow1: long time. There are plenty other algorithms which we can use
which are truly protected... unless of course, this is only the first step
in a process which will outlaw other forms of crypto. And I believe that it
must be. Makes absolutely no sense otherwise. EFF is not asking the
Government to drop Clipper, though we would vastly prefer they did. We're
merely asking that no steps be taken to require it either by law or
practice...as, for example, would be the case if you had to use a Clipper
chip to file your tax return.
PhilipED: Dr. Denning, do you think this is the "first step in a process to
outlaw crypto"?
DDenning: No I do not. The government has not been using SKIPJACK to my
knowledge. The Clipper initiative represents the first time that the
government has put one of their really good algorithms out there in the
unclassified arena. They are trying to do this in a way that won't backfire
against the public. Other NSA developed algorithms are not available for
purchase by the public.
Barlow1: I appreciate their willingness to make some of that crypto
research available to a public which has paid so much for it, but I'm
afraid that I would never trust an algorithm which was given to me by any
government. And I certainly don't trust a classified algorithm like
Skipjack, even without a back door which everyone can see. I think I'll
stick to systems which have been properly vetted to be clear of such
compromises, like RSA. I hope others will do likewise and that RSA will
become the standard which Clipper shouldn't be.
RPTime: Time for one more question from our audience... To John Barlow.
Isn't society becoming increasingly vulnerable to concerted
criminal/terrorist disruption, requiring *stronger* law enforcement tools?
Barlow1: Gee. I don't know. It's a scary world. However, I'm willing to
take my chances with the few terrorists and drug lords there are out there
rather than trusting government with the kind of almost unlimited
surveillance power which Clipper and Digital Telephony would give them.
It's a touch choice. But when you look at the evil perpetrated by
government over this century in the name of stopping crime, it far exceeds
that done by other organized criminals.
RPTime: Dr. Denning, hasn't remote listening technology enhanced police
abilities to eavesdrop to the point... where the loss of a few wire taps
won't mean much?
DDenning: No. They need to get the cooperation of the service providers to
implement a wiretap. The loss of some wiretaps could be costly indeed. As
an example, wiretaps were used to help solve a case that involved plans by
a Chicago gang from shooting down a commercial airliner. There have been 2
cases where they helped save the lives of kids who were going to be
kidnaped for the making of a snuff murder film. They helped solve a case
where a man's house was going to be bombed. I could go on. If we take
John's arguments about law enforcement to their logical conclusion, we'd
just get rid of law enforcement. I think it's better to have it. The people
in law enforcement hate it as much as the rest of us when some member of
the community does something wrong. And they correct it, design new
procedures and laws where necessary, and go on.
Barlow1: Oh, please. I'm not proposing eliminating police. I'm opposing
giving them unlimited powers. Also,these are the same cases cited over and
over by everyone from you to Judge Freeh. Surely, we aren't going to
fundamentally change the balance of power in this country because of these
two (undocumented, to my knowledge) stories.
DDenning: Clipper is not going to change the balance of power. It does not
give law enforcement any additional authority to do wiretaps.
Barlow1: Well, this is where we basically disagree, Dorothy. If we could
continue the same level of LE capacity we presently have, I'd have no
objection. But I believe, for reasons I'm not sure we have the bandwidth to
discuss here, that we are talking about dramatically enhancing their
abilities. For one thing, we would greatly reduce the bureaucratic overhead
involved in wiretap, which is what keeps it under 900 cases nationwide at
the present.
RPTime: And that will have to be the last word on the matter for tonight...
DDenning: The overhead of a wiretap is more likely to increase, not decrease.
PhilipED: Not quite! Maybe not! ;-)
RPTime: THAT will be the final word!
Barlow1: Well, let's get together and talk, Dorothy.
RPTime: TIME thanks Dr. Dorothy Denning and John Perry Barlow for being
with us tonight... along with Philip Elmer-DeWitt. Thank you all, and
goodnight! Thank you both. This was very interesting.
DDenning: Thank you for the opportunity to be here!
Return to March 1994
Return to “Stanton McCandlish <mech@eff.org>”
1994-03-15 (Mon, 14 Mar 94 16:24:26 PST) - Transcript: Barlow v. Denning on America On Line, 02/10/94 - Stanton McCandlish <mech@eff.org>