1995-09-09 - Open letter to Geoff Greiveldinger, DoJ

Header Data

From: Carl Ellison <cme@clark.net>
To: cypherpunks@toad.com
Message Hash: 479c0fb27f4cda6b0efe7285c9f3db46e44e619df43d1814ff7bd8f4ab666955
Message ID: <199509090607.CAA02659@clark.net>
Reply To: N/A
UTC Datetime: 1995-09-09 06:07:24 UTC
Raw Date: Fri, 8 Sep 95 23:07:24 PDT

Raw message

From: Carl Ellison <cme@clark.net>
Date: Fri, 8 Sep 95 23:07:24 PDT
To: cypherpunks@toad.com
Subject: Open letter to Geoff Greiveldinger, DoJ
Message-ID: <199509090607.CAA02659@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


I just posted the following.  I'll have to wait to see if the moderator
accepts it.

Date: Sat, 9 Sep 1995 01:11:06 -0400
From: Carl Ellison <cme>
To: risks@csl.sri.com
Subject: Open letter to Geoff Greiveldinger, DoJ

NIST (the National Institute of Standards and Technology) held a two day
public meeting on September 6 and 7, 1995 to discuss Software Key Escrow as a
possible means of achieving export of cryptography.

In the morning of 9/7, Goeff Greiveldinger of the Department of Justice gave a
description of the kinds of crimes which DoJ wants to use wiretapping to
solve.  He closed this litany of lawbreaking with the assertion that software
manufacturers don't want to provide products which allow such lawbreakers to
keep their criminal evidence hidden from law enforcement.

I'm sorry to disillusion you, Geoff, but I *do* want to make such systems.

Would you have Ryder stop renting trucks because some terrorist decided to
fill one with explosives and kill many innocent children?  Would you have
Americans stop making automobiles because bank robbers have been known to use
cars for getaways?  Would you have all new buildings constructed with FBI
microphones in every wall because some criminals meet in private rooms in
order to plan crimes?

When an American company sweeps its conference room for bugs, finds some and
destroys them, it doesn't matter whether those bugs were planted by industrial
spies or the FBI.  The company has a right to eliminate them.  When that
company ties two such conference rooms together by video-conference equipment
and encrypts the line between them using strong link encryption, it is
performing the same defensive operation in cyberspace.  It is protecting
itself from spies and it doesn't matter that the wiretaps it frustrates might
be illegal ones by industrial spies or legal ones by the FBI.  The right to
attempt to achieve privacy is a long-standing one in this country and not one
to allow to be lost.

When I design and build systems for privacy for my customers, I am providing
products for law-abiding, honest people.  I am aware of criminals, of course.
Criminals are the threats against whom I protect my customers.  These
criminals are usually not in the government but that doesn't mean that I
believe I should offer my honest customers up for a strip-search in
cyberspace.  The law enforcement agencies of this free country have no right
to expect blanket access to the ciphertext of citizens.  It will take
legislation to get that right and I will do everything in my power to keep
such legislation from passing.  Barring such legislation, I will make sure
that honest American citizens have cryptography with which to attempt to
maintain their privacy, even from the government.  We have the right to
attempt to keep a secret from government agencies and continuous demonstration
of that right is an important part of this free country.

On the other hand, I am sympathetic to law enforcement officers.  I have
several friends in that business.  I have asked my friends and acquaintances
who do surveillance (2 IRS agents investigating organized crime for tax
evasion; 2 undercover cops in Boston's highest drug neighborhood; 1 DEA agent
in the midwest) if they ever encounter encrypted communications or files.
They don't.  Neither does anyone in their offices.  Of course, even if they
did it would remain so important to preserve our right to attempt to keep
secrets from the government that their frustration would just have to be
accepted.  The fact that this isn't a real problem makes my decision that much
easier.  I am left with no moral qualms at all.

In summary, criminals are so few that I will not design for them.  I will not
treat my vast majority of honest users as if they were criminals just because
some criminal might someday use my product and frustrate you.

ObRisk: We run the risk of losing our fundamental right to attempt to keep a
secret from the government -- a practice we need to preserve in order to
protect ourselves from criminals in cyberspace.  There are powerful forces in
the US government attempting to cajole us into giving up that right.

[see http://www.clark.net/pub/cme/html/nist-ske.html for more on this subject]




Thread