From: Declan McCullagh <declan@well.com>
Date: Wed, 2 Oct 1996 11:08:12 +0800
To: cypherpunks@toad.com
Subject: White House crypto proposal -- too little, too late
Message-ID: <Pine.GSO.3.95.961001145707.23810F-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Tue, 1 Oct 1996 14:56:21 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship@vorlon.mit.edu
Subject: White House crypto proposal -- too little, too late

I just got back from the White House, where Gore's office held a
roundtable plugging the administration's long-awaited and already
widely-derided Return of Clipper proposal.

Gore announced that jurisdiction over crypto exports would move to the
Commerce Dept; that the export embargo on 56-bit DES would be lifted
in part for two years only; that to be approved for export firms must
submit a detailed proposal describing how they will move towards key
escrow; that the new regulations would go into effect on January 1.

The true problem with this plan is that 56-bit DES is woefully
inadequate.  But much of the media coverage I've read of the plan
doesn't even mention that. Take Elizabeth Corcoran's article, which
ran above the fold on the front page in today's Washington Post. (It's
what almost certainly prompted Gore's office to move the announcement
to today rather than hold it later this week.)

The thrust of the article is that the administration's new proposal
balances the needs of privacy, business, and law enforcement. But it
doesn't. The Feds, foreign governments, and determined attackers can
crack anything encrypted with 56-bit DES -- the strongest crypto that
can be exported under the plan. This vital fact appears nowhere in the
Post article.

That's why Bruce Schneier, author of Applied Cryptography, recommends
against using DES in favor of a more secure algorithm. According to
Schneier: "A brute-force DES-cracking machine [designed by Michael
Wiener] that can find a key in an average of 3.5 hours cost only $1
million in 1993."

More recently, in January 1996 an ad hoc group of renowned
cryptographers including Matt Blaze, Whitfield Diffie, Ronald Rivest
and Schneier, released a report going even further. They said: "To
provide adequate protection against the most serious threats -
well-funded commercial enterprises or government intelligence agencies
- keys used to protect data today should be at least 75 bits long. To
protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long."

What's even more disturbing is what the administration might do
next. After the roundtable broke up, I chatted with Michael Vadis, one
of the assistant deputy attorneys general who oversees national
security issues. He said an international consensus is forming that
terrorists can use crypto; therefore crypto must be controlled. The
U.S. is certainly pushing this line at the OECD talks.

"But it just takes one country to decide to export strong crypto," I said.

"You're missing something," said Vadis.

"What?" I asked. "Unless you're talking about import restrictions."

"Exactly," he said.

-Declan

*******

Some background:

   Linkname: Brock Meeks on White House plan -- 6 Sep 96
   Filename: http://www.muckraker.com/muckraker/96/36/index4a.html

********

http://www.washingtonpost.com/wp-srv/WPlate/1996-10/01/041L-100196-idx.html

U.S. TO EASE ENCRYPTION RESTRICTIONS

Privacy Advocates Wary of Proposal For Software Exports

   By Elizabeth Corcoran
   Washington Post Staff Writer
   Tuesday, October 1 1996; Page A01
   The Washington Post

   The Clinton administration is cutting off an emotional four-year-old
   debate with the computer industry over the export of
   information-scrambling technology with a plan that it says will help
   U.S. companies boost sales overseas and still allow law enforcement
   agencies to unscramble messages, officials said yesterday.

   President Clinton has decided to sign an executive order that changes
   the rules restricting the overseas sale of the technology, the
   officials said. Although the full details of the plan had yet to be
   revealed, privacy advocates and some industry executives contended
   that it would be difficult to put into practice.

   Under current rules, companies can sell only relatively easy-to-crack
   scrambling technology. Under the plan, they would get permission to
   export somewhat more sophisticated versions of the software and
   hardware, which prevents eavesdroppers from looking at information.

   The issue has caused enormous friction between the government and
   computer industry and privacy groups, which contend that keeping any
   restrictions in place will harm the protection of personal information
   everywhere and slow the development of on-line commerce, which relies
   on keeping credit card numbers and other sensitive information secure.

   The administration counters that it has come a long way in meeting
   such objections. However, last night some companies and privacy
   advocates were still worried that the constraints will leave U.S.
   companies at a disadvantage abroad and will not ensure that
   individuals will be able to protect their communications.

   The government's plan preserves what has been its unnegotiable
   cornerstone since the debate began in the early day of the Clinton
   administration -- that law enforcement officials must have the means
   for peeking at encrypted information when they are properly equipped
   with court authorization.

   Earlier versions of the plan tightly limited what kinds of technology
   could be sold abroad. They also called for makers of encryption
   technology to deposit "keys" with approved third parties so that law
   enforcement authorities could decode material. The new plan doesn't
   specify who would have the keys.

   Last night, several companies, led by International Business Machines
   Corp., said they have a technical plan that they believe could comply
   with the new rules on keys.

[...]
   
   Industry officials say they ultimately want to be able to use the most
   sophisticated encryption technology available. "It's really critical
   to doing business around the world," said an IBM source. "But
   governments exist. It's a balancing act . . . to satisfy the needs of
   the governments and make sure that markets and individuals trust the 
   integrity of what's being sent over the networks."             

[...]