From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: e5ed27c3e2f23026c8af02fa97925f3c9d83ff6452b73756c587101efab00169
Message ID: <199509111316.JAA02859@pipe2.nyc.pipeline.com>
Reply To: N/A
UTC Datetime: 1995-09-11 13:17:00 UTC
Raw Date: Mon, 11 Sep 95 06:17:00 PDT
From: John Young <jya@pipeline.com>
Date: Mon, 11 Sep 95 06:17:00 PDT
To: cypherpunks@toad.com
Subject: NYT on GAK
Message-ID: <199509111316.JAA02859@pipe2.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain
The New York Times, September 11, 1995, p. D7.
Technology / Peter H. Lewis
On The Net. Privacy for computers? Clinton sets the stage
for a debate on data encryption.
In terms of its ability to raise the nation's blood
pressure, the debate over data encryption has not yet
reached the same levels as gun control.
But last week the Clinton Administration appeared to set
the stage for an equally divisive debate over the degree to
which businesses and individuals have the right to keep
secrets when using telephones, computers and other forms of
electronic communications.
In two days of public hearings last week in Gaithersburg,
Md., home of the National Institute of Standards and
Technology, the Administration introduced its long-awaited
proposals to relax restrictions on the export of
cryptographic software.
The Administration drew a line in the virtual sands of
cyberspace, signaling that it is willing to permit
Americans to put stronger cryptographic locks on their
electronic data only if a spare key to those locks is made
available on demand to law-enforcement agencies.
There looms the conflict. Although the debate is about
export controls the "export" issue is irrelevant in today's
era of global electronic networks. Placing a common privacy
program on an Internet computer in Austin, Tex., is
effectively no different from sending a shrink-wrapped copy
of the program to Moscow.
The real issue is how much privacy the Government is
willing to allow its own citizens, and the latest word from
the Clinton Administration is that the right to electronic
privacy, like the right to bear arms, is not absolute.
Cryptography is the science of secret writing. In this
digital era, it applies not just to notes, but also to
telephone calls, money transfers, bank and credit card
records, electronic mail, faxes and other computer files.
The Clinton Administration's goal is to allow Americans to
use the strongest possible cryptographic technology, while
at the same time preserving the ability of law-enforcement
agencies to perform court-authorized wiretaps as part of
the effort to catch drug dealers, terrorists, child
pornographers and other miscreants.
In other words, it favors strong cryptography, but not too
strong.
The strength of cryptographic software is measured by the
length of the software key necessary to encode and decode
a message. The longer the key, the harder it is for an
unauthorized user to decipher the message.
In recent years, the Government has generally permitted
Americans to export cryptographic software with key lengths
up to 40 bits. Experts say that 40-bit keys are secure from
casual snooping, but will fall quickly to a determined
codebreaker.
Last week, after more than a year of intense analysis, the
Government introduced what it said was the best possible
compromise.
Under the new policy, companies can export encryption
algorithms using 64-bit keys, which are much more secure,
but only if spare keys are given to "escrow agents" who
would make them available to lawenforcement agents under
standard legal procedures, similar to legal wiretaps
authorized by a judge. Otherwise, the 40-bit limit
continues to apply.
Such a "key escrow" scheme is anathema to many privacy
advocates who fear Government abuses. The Government first
proposed a key escrow system with its so-called Clipper
Chip, a technology that failed to win acceptance even as a
voluntary standard.
The new scheme is somewhat more palatable than Clipper. Key
escrow is still unpopular with American computer and
software companies, which say it prevents them from
competing against foreign companies that have no similar
constraints, and with many multinational corporations,
which say it prevents them from working with foreign
companies that do not especially care for the idea of Uncle
Sam holding the keys to their data banks.
"If this was intended to be any sort of compromise, I don't
think it achieved its end," said Whitfield Diffie, a Sun
Microsystems enginePs who attended the meetings. "I didn't
see anybody who was enthusiastic."
Raymond G. Kammer, deputy director of N.l.S.T., suggested
that the hearings last week were intended to elicit public
comment, and that the Administration's final position on
cryptographic policy were still under analysis.
But the emergence of key escrow issues at the N.l.S.T.
proceedings suggests that key escrow is emerging as a
nonnegotiable demand by some factions of the Clinton
Administration, especially the Justice Department and the
Federal Bureau of Investigation, led by Louis Freeh.
"If this fails," said a figure familiar with the
Administration's thinking on the proposed change in
cryptographic policy, "it's going to lead to a very
divisive debate. And the irony, for libertarians who oppose
key escrow, is that if it fails, I am convinced that Louis
Freeh cannot be true to his job without proposing domestic
controls on data encryption."
"He's not going to give up without a fight, and neither is
the Justice Department," said the figure, who spoke on the
condition he not be identified.
Others say they do not think the Clinton Administration has
yet arrived at a concrete position, even after more than a
year of study and debate. "I don't think it's a final
offer," said John Gilmore, an engineer at Cygnus Support,
a computer company in Mountain View, Calif. "It looks to me
like a weak strawman, a first offer, a proposal to dance."
The question is whether American citizens and businesses
have the patience to wait for the music to start. And the
issue may be moot, anyway because the Internet is no more
controlled by the United States than is the United Nations.
"The Internet Architecture Board has specifically decided
to ignore export controls in designing the security
infrastructure for the next generation of Internet
protocols," Mr. Gilmore said. "The Internet of 1998 will
provide automatic, secure, and fully private communication,
without key escrow, internationally."
In other words, the Internet community is already planning
to jump over the new line in the sand drawn last week by
the Administration. Cryptogrophy that is stronger than the
Government's proposed system will be built into the
Internet by a dozen countries, and American companies and
individuals would be foolish not to use it.
At that point, millions of Americans will come into direct
conflict with Government policy, and the popular
gun-control bumper sticker may be replaced by one that says
"If cryptography is outlawed, only outlaws will have
cryptography."
[End]
Return to September 1995
Return to “nobody@REPLAY.COM (Anonymous)”