1994-05-14 - Crippler Article in Wired

Header Data

From: Justin Lister <ruf@osiris.cs.uow.edu.au>
To: cypherpunks@toad.com (Cypherpunk Mailing List)
Message Hash: 6fbb62c79e3edbf10bedbf62edf3bfc39e9a27c1808dd7ec7e1ee07883793719
Message ID: <199405140944.AA19190@osiris.cs.uow.edu.au>
Reply To: N/A
UTC Datetime: 1994-05-14 09:49:09 UTC
Raw Date: Sat, 14 May 94 02:49:09 PDT

Raw message

From: Justin Lister <ruf@osiris.cs.uow.edu.au>
Date: Sat, 14 May 94 02:49:09 PDT
To: cypherpunks@toad.com (Cypherpunk Mailing List)
Subject: Crippler Article in Wired
Message-ID: <199405140944.AA19190@osiris.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: text/plain

I found this article on the WIRED www document server, it will appear in
a coming issue of wired.

NSA's Chief Counsel to Appear Online

Stewart A. Baker, Chief Counsel for the National Security Agency and featured
writer in WIRED 2.06 will host a Q&A session on the Clipper Chip. He will 
appear on America Online in Center Stage (from AOL type keyword: "center 
stage") on Thursday May 26, 1994, from 7-9 p.m. EST. 

Baker is the NSA's top lawyer and supports the Clipper Initiative. He worked 
briefly as Deputy General Counsel of the Education Department under President
Jimmy Carter. His article "Don't Worry Be Happy" refutes seven myths of key 
escrow encryption and is a WIRED Exclusive. 

Don't Worry Be Happy

Why Clipper Is Good For You 

By Stewart A. Baker, Chief Counsel for the NSA

With all the enthusiasm of Baptist ministers turning their Sunday pulpits
over to the Devil, the editors of WIRED have offered me the opportunity to 
respond to some of the urban folklore that has grown up around key escrow
encryption -- also known as the Clipper Chip. 

Recently the Clinton administration has announced that federal agencies will
be able to buy a new kind of encryption hardware that is sixteen million times
stronger than the existing federal standard known as DES. But this new potency
comes with a caveat. If one of these new encryption devices is used, for
example, to encode a phone conversation that is subject to a lawful government
wiretap, the government can get access to that device's encryption keys. 
Separate parts of each key are held by two independent "escrow agents," who
will release keys only to authorized agencies under safeguards approved by
the attorney general. Private use of the new encryption hardware is welcome
but not required. That's a pretty modest proposal. Its critics, though, have
generated at least seven myths about key escrow encryption that deserve

MYTH NUMBER ONE: Key escrow encryption will create a brave new world of
government intrusion into the privacy of Americans. 

Opponents of key escrow encryption usually begin by talking about government
invading the privacy of American citizens. None of us likes the idea of the 
government intruding willy-nilly on communications that are meant to be 

But the key escrow proposal is not about increasing government's authority to
invade the privacy of its citizens. All that key escrow does is preserve the 
government's current ability to conduct wiretaps under existing authorities. 
Even if key escrow were the only form of encryption available, the world would
look only a little different from the one we live in now. 

In fact, it's the proponents of widespread unbreakable encryption who want to
create a brave new world, one in which all of us -- crooks included -- have a
guarantee that the government can't tap our phones. Yet these proponents have
done nothing to show us that the new world they seek will really be a better 

In fact, even a civil libertarian might prefer a world where wiretaps are
possible. If we want to catch and convict the leaders of criminal 
organizations, there are usually only two good ways to do it. We can "turn" a
gang member -- get him to testify against his leaders. Or we can wiretap the 
leaders as they plan the crime. 

I once did a human rights report on the criminal justice system in El Salvador.
I didn't expect the Salvadorans to teach me much about human rights. But I 
learned that, unlike the US, El Salvador greatly restricts the testimony of 
"turned" co-conspirators. Why? Because the co-conspirator is usually "turned"
either by a threat of mistreatment or by an offer to reduce his punishment. 
Either way, the process raises moral questions -- and creates an incentive for
false accusations. 

Wiretaps have no such potential for coercive use. The defendant is convicted 
or freed on the basis of his own, unarguable words. 

In addition, the world will be a safer place if criminals cannot take 
advantage of a ubiquitous, standardized encryption infrastructure that is
immune from any conceivable law enforcement wiretap. Even if you're worried
about illegal government taps, key escrow reinforces the existing requirement
that every wiretap and every decryption must be lawfully authorized. The key
escrow system means that proof of authority to tap must be certified and 
audited, so that illegal wiretapping by a rogue prosecutor or police officer
is, as a practical matter, impossible. 

MYTH NUMBER TWO: Unreadable encryption is the key to our future liberty.

Of course there are people who aren't prepared to trust the escrow agents, or
the courts that issue warrants, or the officials who oversee the system, or
anybody else for that matter. Rather than rely on laws to protect us, they 
say, let's make wiretapping impossible; then we'll be safe no matter who gets

This sort of reasoning is the long-delayed revenge of people who couldn't go to
Woodstock because they had too much trig homework. It reflects a wide -- and
kind of endearing -- streak of romantic high-tech anarchism that crops up 
throughout the computer world. 

The problem with all this romanticism is that its most likely beneficiaries 
are predators. Take for example the campaign to distribute PGP ("Pretty Good 
Privacy") encryption on the Internet. Some argue that widespread availability
of this encryption will help Latvian freedom fighters today and American 
freedom fighters tomorrow. Well, not quite. Rather, one of the earliest users
of PGP was a high-tech pedophile in Santa Clara, California. He used PGP to 
encrypt files that, police suspect, include a diary of his contacts with 
susceptible young boys using computer bulletin boards all over the country. 
"What really bothers me," says Detective Brian Kennedy of the Sacramento,
California, Sheriff's Department, "is that there could be kids out there who
need help badly, but thanks to this encryption, we'll never reach them." 

If unescrowed encryption becomes ubiquitous, there will be many more stories
like this. We can't afford as a society to protect pedophiles and criminals 
today just to keep alive the far-fetched notion that some future tyrant will 
be brought down by guerrillas wearing bandoleers and pocket protectors and 
sending PGP-encrypted messages to each other across cyberspace. 

MYTH NUMBER THREE: Encryption is the key to preserving privacy in a digital 

Even people who don't believe that they are likely to be part of future 
resistance movements have nonetheless been persuaded that encryption is the 
key to preserving privacy in a networked, wireless world, and that we need 
strong encryption for this reason. This isn't completely wrong, but it is not
an argument against Clipper.

If you want to keep your neighbors from listening in on your cordless phone, 
if you want to keep unscrupulous competitors from stealing your secrets, even
if you want to keep foreign governments from knowing your business plans, key
escrow encryption will provide all the security you need, and more. 

But I can't help pointing out that encryption has been vastly oversold as a 
privacy protector. The biggest threats to our privacy in a digital world come 
not from what we keep secret but from what we reveal willingly. We lose 
privacy in a digital world because it becomes cheap and easy to collate and
transmit data, so that information you willingly gave a bank to get a 
mortgage suddenly ends up in the hands of a business rival or your 
ex-spouse's lawyer. Restricting these invasions of privacy is a challenge,
but it isn't a job for encryption. Encryption can't protect you from the 
misuse of data you surrendered willingly.

What about the rise of networks? Surely encryption can help prevent password 
attacks like the recent Internet virus, or the interception of credit card 
numbers as they're sent from one digital assistant to another? Well, maybe. 
In fact, encryption is, at best, a small part of network security. 

The real key to network security is making sure that only the right people 
get access to particular data. That's why a digital signature is so much more
important to future network security than encryption. If everyone on a net has
a unique identifier that others cannot forge, there's no need to send credit 
card numbers -- and so nothing to intercept. And if everyone has a digital 
signature, stealing passwords off the Net is pointless. That's why the Clinton
administration is determined to put digital signature technology in the public
domain. It's part of a strategy to improve the security of the information
infrastructure in ways that don't endanger government's ability to enforce
the law. 

MYTH NUMBER FOUR: Key escrow will never work. Crooks won't use it if it's
voluntary. There must be a secret plan to make key escrow encryption 

This is probably the most common and frustrating of all the myths that abound
about key escrow. The administration has said time and again that it will not
force key escrow on manufacturers and companies in the private sector. In a 
Catch-22 response, critics then insist that if key escrow isn't mandated it
won't work. 

That misunderstands the nature of the problem we are trying to solve. 
Encryption is available today. But it isn't easy for criminals to use; 
especially in telecommunications. Why? Because as long as encryption is not
standardized and ubiquitous, using encryption means buying and distributing 
expensive gear to all the key members of the conspiracy. Up to now only a few
criminals have had the resources, sophistication, and discipline to use 
specialized encryption systems.

What worries law enforcement agencies --what should worry them -- is a world
where encryption is standardized and ubiquitous: a world where anyone who buys
an US$80 phone gets an "encrypt" button that interoperates with everyone 
else's; a world where every fax machine and every modem automatically encodes
its transmissions without asking whether that is necessary. In such a world, 
every criminal will gain a guaranteed refuge from the police without lifting 
a finger. 

The purpose of the key escrow initiative is to provide an alternative form of
encryption that can meet legitimate security concerns without building a web 
of standardized encryption that shuts law enforcement agencies out. If banks 
and corporations and government agencies buy key escrow encryption, criminals
won't get a free ride. They'll have to build their own systems -- as they do 
now. And their devices won't interact with the devices that much of the rest 
of society uses. As one of my friends in the FBI puts it, "Nobody will build 
secure phones just to sell to the Gambino family." 

In short, as long as legitimate businesses use key escrow, we can stave off a
future in which acts of terror and organized crime are planned with impunity 
on the public telecommunications system. Of course, whenever we say that, the
critics of key escrow trot out their fifth myth: 

MYTH NUMBER FIVE: The government is interfering with the free market by
forcing key escrow on the private sector. Industry should be left alone to
develop and sell whatever form of encryption succeeds in the market. 

In fact, opponents of key escrow fear that businesses may actually prefer key
escrow encryption. Why? Because the brave new world that unreadable encryption
buffs want to create isn't just a world with communications immunity for
crooks. It's a world of uncharted liability. What if a company supplies 
unreadable encryption to all its employees, and a couple of them use it to
steal from customers or to encrypt customer data and hold it hostage? As a 
lawyer, I can say it's almost certain that the customers will sue the company
that supplied the encryption to its employees. And that company in turn will 
sue the software and hardware firms that built a "security" system without 
safeguards against such an obvious abuse. The only encryption system that
doesn't conjure up images of a lawyers' feeding frenzy is key escrow. 

But there's a second and even more compelling reason why the key escrow 
initiative can't fairly be characterized as interfering with private 
enterprise: The encryption market has been more or less created and sustained 
by government. Much of the market for encryption devices is in the public 
sector, and much of the encryption technology now in widespread use in the 
private sector was funded, perfected, or endorsed by the federal government. 

And not by accident, either. Good encryption is expensive. It isn't just a 
matter of coming up with a strong algorithm, although testing the strength of
an algorithm can be enormously time-consuming. The entire system must be 
checked for bugs and weaknesses, a laborious and unglamorous process. 
Generally, only the federal government has been willing to pay what it costs 
to develop secure communications gear. That's because we can't afford to have
our adversaries reading our military and diplomatic communications. 

That's led to a common pattern. First, the government develops, tests, or 
perfects encryption systems for itself. Then the private sector drafts along 
behind the government, adopting government standards on the assumption that if
it's good enough for the government's information, it's good enough to protect

As encryption technology gets cheaper and more common, though, we face the 
real prospect that the federal government's own research, its own standards, 
its own purchases will help create the future I described earlier -- one in 
which criminals use ubiquitous encryption to hide their activities. How can 
anyone expect the standard-setting arms of government to use their power to 
destroy the capabilities of law enforcement -- especially at a time when the 
threat of crime and terror seems to be rising dramatically? 

By adopting key escrow encryption instead, the federal government has simply 
made the reasonable judgment that its own purchases will reflect all of 
society's values, not just the single-minded pursuit of total privacy. 

So where does this leave industry, especially those companies that don't like
either the 1970s-vintage DES or key escrow? It leaves them where they ought 
to be -- standing on their own two feet. Companies that want to develop and 
sell new forms of unescrowed encryption won't be able to sell products that 
bear the federal seal of approval. They won't be able to ride piggyback on 
federal research efforts. And they won't be able to sell a single unreadable 
encryption product to both private and government customers. 

Well, so what? If companies want to develop and sell competing, unescrowed 
systems to other Americans, if they insist on hastening a brave new world of 
criminal immunity, they can still do so -- as long as they're willing to use 
their own money. That's what the free market is all about. 

Of course, a free market in the US doesn't mean freedom to export encryption 
that may damage US national security. As our experience in World War II shows,
encryption is the kind of technology that wins and loses wars. With that in 
mind, we must be careful about exports of encryption. This isn't the place for
a detailed discussion of controls, but one thing should be clear: They don't 
limit the encryption that Americans can buy or use. The government allows 
Americans to take even the most sophisticated encryption abroad for their own
protection. Nor do controls require that software or hardware companies "dumb
down" their US products. Software firms have complained that it's 
inconvenient to develop a second encryption scheme for export, but they 
already have to make changes from one country to the next -- in language, 
alphabet, date systems, and handwriting recognition, to take just a few 
examples. And they'd still have to develop multiple encryption programs even 
if the US abolished export controls, because a wide variety of national 
restrictions on encryption are already in place in countries from Europe to 

MYTH NUMBER SIX: The National Security Agency is a spy agency; it has no
business worrying about domestic encryption policy. 

Since the National Security Agency has an intelligence mission, its role in 
helping to develop key escrow encryption is usually treated as evidence that 
key escrow must be bad security. In reality, though, NSA has two missions. It
does indeed gather intelligence, in part by breaking codes. But it has a 
second, and oddly complementary, mission. It develops the best possible 
encryption for the US government's classified information. 

With code breakers and code makers all in the same agency, NSA has more 
expertise in cryptography than any other entity in the country, public or 
private. It should come as no surprise, therefore, that NSA had the know-how 
to develop an encryption technique that provides users great security without
compromising law enforcement access. To say that NSA shouldn't be involved in
this issue is to say the government should try to solve this difficult 
technical and social problem with both hands tied behind its back. 

MYTH NUMBER SEVEN: This entire initiative was studied in secret and
implemented without any opportunity for industry or the public to be heard. 

This is an old objection, and one that had some force in April of 1993, when 
the introduction of a new AT&T telephone encryption device required that the 
government move more quickly than it otherwise would have. Key escrow was a 
new idea at that time, and it was reasonable for the public to want more 
details and a chance to be heard before policies were set in concrete. But 
since April 1993, the public and industry have had many opportunities to 
express their views. The government's computer security and privacy advisory 
board held several days of public hearings. The National Security Council met
repeatedly with industry groups. The Justice Department held briefings for 
congressional staff on its plans for escrow procedures well in advance of its
final decision. And the Commerce Department took public comment on the 
proposed key escrow standard for 60 days. 

After all this consultation, the government went forward with key escrow, not
because the key escrow proposal received a universally warm reception, but 
because none of the proposal's critics was able to suggest a better way to 
accommodate society's interests in both privacy and law enforcement. Unless 
somebody comes up with one, key escrow is likely to be around for quite a 
while. That's because the only alternative being proposed today is for the 
government to design or endorse encryption systems that will cripple law 
enforcement when the technology migrates -- as it surely will -- to the 
private sector. And that alternative is simply irresponsible. 

For more information on the Clipper standard you can access WIRED's Clipper
archive via the following WIRED Online services. 

   WIRED Infodroid e-mail server: Send e-mail to infodroid@wired.com
   containing the words "send clipper/index" on a single line inside the 
   message body. 
   WIRED Gopher: Gopher to gopher.wired.com and select "Clipper Archive." 
   WIRED on World Wide Web: http://www.wired.com select "Clipper Archive." 
   WIRED on America Online: The keyword is WIRED. 
   WIRED on the Well: Type "go wired" from any "OK" prompt. 

Stewart A. Baker is the National Security Agency's top lawyer. He worked 
briefly as Deputy General Counsel of the Education Department under President
Jimmy Carter, and he practiced international law at Steptoe & Johnson, in 
Washington, DC. He has been at the NSA since 1992. 

WIRED Online Copyright Notice 

Copyright 1993,4 Ventures USA Ltd. All rights reserved. 

This article may be redistributed provided that the article and this notice 
remain intact. This article may not under any circumstances be resold or 
redistributed for compensation of any kind without prior written permission 
from Wired Ventures, Ltd. 

If you have any questions about these terms, or would like information about 
licensing materials from WIRED Online, please contact us via telephone 
(+1 (415) 904 0660) or email (info@wired.com). 

WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. 

|  ____       ___     | Justin Lister                 ruf@cs.uow.edu.au  |
| |    \\   /\ __\    |     Center for Computer Security Research        |
| | |) / \_/ / |_     | Dept. Computer Science      voice: 61-42-835-114 |
| |  _ \\   /| _/     | University of Wollongong      fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) |     Computer Security a utopian dream...         |
|                     |  LiNuX - the only justification for using iNTeL  |