Interesting People mailing list archives
What's Happened to Clipper?
From: David Farber <farber () central cis upenn edu>
Date: Fri, 3 Dec 1993 18:11:45 -0500
What's Happened to Clipper?
Stephen T. Walker
Trusted Information Systems, Inc.
December 3, 1993

With all the activity on the President's Key Escrow proposal from April 16 until early September, one would expect that there would be a great deal to report over the past three months. However, things have been remarkably quiet on the Clipper front. There has been essentially no news from the government since the mid-September announcement to interested members of Congress and their staffs that NIST and a group somewhere in the Department of the Treasury would be the key escrow agents. A Department of Justice meeting scheduled for October 14 was cancelled. Presumably the Interagency Review process continues. There are reports of meetings with various industry groups, but as of this writing I am unaware of any publicly announced conclusions.

During this period, however, there have been a number of related activities that are worthy of note. In the next few pages I will summarize these developments in chronological order. Following this, I will describe some of my observations and conclusions.

Summary of Events since September:

On September 28, comments were due on the Escrow Encryption Standard (EES). Unofficially we were told that some 265 comments were received. One was in favor of the proposed standard. Four abstained from voting. The remaining 260 were opposed. To my knowledge there has been no official word on the EES comments.

On September 30, the President relaxed export controls on many forms of computer technology. The previous upper limit on license-free export of workstations without any controls had been at a level of 12.5 Million Theoretical Operations Per Second (MTOPS), a measure that takes into account the power of parallel computer systems. The new license-free export level will be 500 MTOPS. Whereas the limit for which a specific license was needed (and for which it was reasonable to expect approval) was 25 MTOPS, the new limit will be 2000 MTOPS.
Some have speculated that there may be only a few computers in the world that exceed 2000 MTOPS. But except for very powerful parallel computers, it appears there are no longer significant controls on the export of general purpose computers from the US.

On October 12, hearings by the House Foreign Affairs Subcommittee on Economic Policy, Trade and Environment were held. The hearings consisted of two sessions: the first open to the public, the second a closed classified hearing. Congressman Gejdenson, chairman of the Subcommittee, opened the session by stating that NSA "is attempting to put the genie back into the bottle. It won't happen, and a vibrant and productive sector of American industry may be sacrificed in the process." All of the comments during the open session were strongly opposed to the government's continuing controls on the export of cryptography. Demonstrations were given of the ease with which cryptography can be imported from friendly countries and used to protect all forms of sensitive information including voice and data. An update of the statistics of foreign availability of cryptography indicated that 366 companies in 31 foreign countries were actively manufacturing and/or distributing cryptographic products. Actual product literature on 200 foreign products was displayed, 123 of them using DES. Products from the UK, Germany, the Netherlands, Israel, and Russia were displayed. Congressman Gejdenson asked to "borrow" several of the products, promising to return them. He then gave them to NSA representatives at the closed hearing later the same day. The products were returned following an NSA review on December 2, 1993.

On October 20, the 700 Club on the Christian Broadcasting Network presented a feature that was strongly opposed to key escrow.

In early November, Bruce Schneier's book entitled Applied Cryptography was published. The book contains source code listings for 14 encryption algorithms including DES and IDEA.
The rumor that disks containing the source code would be available with the book (as has been done in the past) was false. One must order them separately, and they will not be shipped outside the US and Canada, at least knowingly.

On November 3, CNN highlighted the Clipper situation with a story featuring Congressman Brooks stating: "We shouldn't allow the intelligence agencies to control the economic commercial future of this country." "They have a legitimate concern, but they probably felt that way when they developed the automobile--made it harder to catch criminals--they could get away faster--drive longer than they could ride a horse."

On November 4, the GAO released a study, prompted by hearings in May 1992 on foreign industrial espionage, that was highly critical of the government's continuing controls on the export of cryptography. According to the news release that accompanied the report: "The global competitiveness of American corporations is threatened by government policies restricting the use of commercial encryption technologies that could help protect US businesses from foreign governments' economic espionage operations, according to Congressman Jack Brooks (D-Texas), Chairman of the House Committee on the Judiciary."

On November 12, the Concerned Professionals for Social Responsibility (CPSR) issued a summary of their Freedom of Information Act (FOIA) request regarding an internal FBI digital telephony initiative called "Root Canal" that: "Raises serious doubts as to the accuracy of the FBI's claim that advances in telecommunications technology have hampered law enforcement efforts to execute court-authorized wiretaps."

In early November, I met with representatives of government and industry in the UK, France, the European Commission, and Germany.
The reaction in Europe to NIST's proposal to license the Digital Signature Standard to Public Key Partners and to the Clipper key escrow initiative in general ranged from confusion to anger and frustration. Many people are upset and considering setting up their own cryptographic processes for digital signature and confidentiality.

On November 17, a meeting was held at IDA of the DoD - Industry Technology Review Group examining possible relaxation of the COCOM export rules for information security products and technology in light of the President's recent major relaxation of export controls on computer technology. This meeting resulted in little change in the DoD position on export control of cryptography. However, the highlight of the meeting was an amazing performance by the NSA representative (which another government official proclaimed the best stonewall he had ever seen), claiming among other things that:

"Cryptography is on the irreducible list" (meaning presumably that it could never come off the export control list).

"Discussions of cryptography must not take place in meetings outside the DoD" (there were representatives from the Departments of State and Commerce and from industry as well).

"Industry may put forth evidence that the government may take out of context."

During this meeting it was stated that as a result of the President's relaxation of export controls on computers, there was a new emphasis on "economic security" in addition to the traditional "national security" and "political security" elements. Presumably with the end of the cold war, our economic health counts more heavily than it used to in making export control decisions. (More later.)

In their November 22 issue, Business Week had a two page article entitled "Duking It Out for the Decoder Ring" in which they review the fight over "federal limits on data-scrambling software." Among the more interesting quotes are:

"Clipper is the most rancid idea to come along in quite a long time."
- Whit Diffie, Sun Microsystems.

"'There is no one who believes that the status quo can be maintained, even in the NSA,' says a former White House national security official."

In their summary table, Business Week gives the following prognosis:

On technology: "Clipper chip will be used by government and by companies doing business with it. Beyond that, limited use."

On exports: "Export controls will be relaxed early next year but not nearly as much as industry wants."

On verification (digital signature): "For the most part, industry won't adopt the government standard."

On November 23, Congresswoman Maria Cantwell introduced HR3627 in the House of Representatives, which would: transfer jurisdiction for civilian encryption products to the Department of Commerce, decontrol mass-market and public domain software to all but embargoed and terrorist countries, decontrol hardware incorporating decontrolled encryption software, and expand categories of customers eligible for file encryption.

In late November, the Department of Defense (DoD) Authorization Bill passed Congress with specific language that directs the DoD to fund a "Comprehensive Independent Study of National Cryptography Policy" by the National Research Council (NRC), part of the National Academy of Sciences. This review, to be completed within two years (after participants receive appropriate clearances), may be the most important development for reaching a long term resolution of this national dilemma. It is worthy of note that no fewer than four recent NRC studies have commented on the export topic, in general recommending some form of relaxation of export controls.

On November 24, Josef Pieprzyk and Leonid Tombak of the University of Wollongong, Australia, published an English translation of the Government Standard of the USSR (GOST) 28147-89 Cryptographic Protection for Data Processing Systems, the Soviet equivalent of DES.
On December 2, Aleksandr Malchik and Whitfield Diffie of Sun Microsystems published a second English translation of the same standard. Whit's preface contains several interesting observations:

"The Soviet system has 32 rounds rather than the 16 of DES."

"In contrast to DES's meager 56 bits of key, GOST 28147-89 has 256 bits of primary key and 512 bits of secondary key."

The Soviet standard "does not place any limitation on the secrecy level of the protected information."

Software versions of GOST are available without apparent export control from Russia through English distributors. There has been speculation that those industries throughout the world who need cryptographic protection but are hampered by government export restrictions should consider widespread adoption of GOST, which can be freely exported from Russia and imported to virtually any location on earth. This may be the only way to get good quality cryptography worldwide.

On December 3, the Data Encryption Standard five year reaffirmation and the FIPS 140-1 Security Requirements for Cryptographic Modules were signed by the Secretary of Commerce.

Meanwhile:

Observations on the worldwide availability of cryptographic products:

The ongoing SPA-sponsored study of the worldwide availability of cryptographic products has confirmed, as of December 3, 203 foreign manufactured products, 127 of which utilize DES. There are active manufacturers and/or distributors in at least 32 countries around the world; indeed, the sun never sets on sale of cryptographic products. But a much more ominous finding (for the US, at least) concerns the apparent ease with which vendors in foreign countries, including the United Kingdom, Germany, Denmark, and Israel, can ship DES-based cryptographic products to the US and presumably the rest of the world. In most cases, a phone call with a credit card number results in immediate shipment without any apparent government red tape.
In many cases products as good as or better than those developed in the US arrived overnight. These companies either have no government export controls to contend with or they fill out the paperwork after the fact with the certain knowledge that export will be approved retroactively. It appears that companies in countries other than the US are allowed to operate on the premise that if the country to which the product is being shipped is not a COCOM proscribed country or a locally designated terrorist country, they are free to ship products containing DES-quality cryptography. Would that it were so in the US.

While in Europe, I was told that "the government does not mind a few small companies exporting small quantities of DES products. Indeed, there are concerns that if this government did prosecute, they might open up a legal can of worms since there appears to be no formal basis for the government to stop such exports. If, however, a company gets too big or sells too many products, they will be 'visited' by the government and encouraged to stop."

In France, I learned that the rumor that the government requires registration of everyone's individual encryption keys is false. What they do require is registration of the general use of cryptography. If a company wants to encrypt its communications, it must tell the government of its intention and get the government's approval. It is not clear if there is any actual export control of cryptographic products from France.

In a written comment from a firm in Australia, we heard that in order to export cryptographic products from there, one must obtain a certificate that the country to which one is exporting does not "repress its citizens! Such a certificate is not hard to get for friendly countries."

It is becoming clear that if this situation stays as it is, the National Information Infrastructure will get its security from outside the US!
...On the Economics of Key Escrow:

In our comments on the Escrow Encryption Standard last September, we pointed out that based on:

the wiretap statistics the law enforcement community has been using in the Clipper Initiative debate (approximately 800 wiretap court orders per year times approximately 5 physical wiretaps per court order), and

an optimistic assessment of the number of key escrow phone security devices that are likely to be in place in the US in ten years (5%),

one can expect the key escrow agents to receive roughly 200 key escrowed calls per year or one every 44 hours {800 x 5 x 5% divided into 365 days}. This assumes that those whom the law enforcement community is likely to wiretap (i.e., presumed criminals) will use key escrow devices in the same ratio as the general public, an unrealistic but conservative assumption.

Now that the key escrow agents have been tentatively named and are beginning to get organized, one can actually begin to assign costs to their operation and examine whether there is any economic sense to all this.

Each key escrow center will have to operate 24 hours a day, 7 days a week, 365 days a year because one can never know when a call from law enforcement will come in. NIST estimates that it will take ten people to fully operate a key escrow center. Assigning an approximate fully loaded cost for an employee of $150K per year, this means that the recurring personnel costs alone for one center will be $1.5M per year; two centers will be $3M per year. Conservatively, the costs of running two centers will be approximately double the personnel costs or $6M per year. If we can expect the above estimated 200 calls per year for key escrow requests, this equates to $30,000 per call. The law enforcement community, in their arguments that wiretaps are used sparingly because they cost so much, has estimated that a typical conventional wiretap today costs between $50,000 and $60,000.
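The estimate above carried through with the post's own figures, as an added example that is not part of Walker's post. The cost functions and the adoption-rate sweep are my construction; the sweep goes beyond the post's single 5% case to show how the fixed cost of the centers spreads over a changing number of escrow requests.

```python
from dataclasses import dataclass, replace

HOURS_PER_YEAR = 365 * 24


@dataclass(frozen=True)
class EscrowAssumptions:
    """Baseline figures as stated in the post (assumed inputs, not measurements)."""
    court_orders_per_year: int = 800        # wiretap court orders per year
    taps_per_order: float = 5.0             # physical wiretaps per court order
    escrow_adoption: float = 0.05           # share of phones with key escrow devices in ten years
    staff_per_center: int = 10              # NIST estimate of staff per escrow center
    loaded_cost_per_employee: float = 150_000.0
    centers: int = 2                        # two escrow agents
    overhead_multiplier: float = 2.0        # total running cost about double personnel cost
    conventional_wiretap_cost: float = 50_000.0  # low end of the $50,000-60,000 range


def escrowed_calls_per_year(a: EscrowAssumptions) -> float:
    """Wiretaps per year that would involve an escrowed device."""
    return a.court_orders_per_year * a.taps_per_order * a.escrow_adoption


def hours_between_requests(a: EscrowAssumptions) -> float:
    """Mean interval between escrow requests, assuming they arrive evenly through the year."""
    return HOURS_PER_YEAR / escrowed_calls_per_year(a)


def annual_escrow_cost(a: EscrowAssumptions) -> float:
    """Recurring cost of running all escrow centers around the clock."""
    personnel = a.staff_per_center * a.loaded_cost_per_employee * a.centers
    return personnel * a.overhead_multiplier


def cost_per_escrow_request(a: EscrowAssumptions) -> float:
    """Fixed annual cost divided over the expected number of requests."""
    return annual_escrow_cost(a) / escrowed_calls_per_year(a)


def wiretap_cost_increase(a: EscrowAssumptions) -> float:
    """Fractional increase in a wiretap's cost if law enforcement reimbursed the escrow process."""
    return cost_per_escrow_request(a) / a.conventional_wiretap_cost


def adoption_sweep(rates, base: EscrowAssumptions = EscrowAssumptions()) -> dict:
    """Cost per request at several adoption rates: the centers' cost is fixed,
    so fewer escrowed calls means a higher cost per call."""
    return {r: cost_per_escrow_request(replace(base, escrow_adoption=r)) for r in rates}


if __name__ == "__main__":
    base = EscrowAssumptions()
    print(f"escrowed calls per year: {escrowed_calls_per_year(base):.0f}")
    print(f"hours between requests: {hours_between_requests(base):.1f}")
    print(f"annual cost of centers: ${annual_escrow_cost(base):,.0f}")
    print(f"cost per request: ${cost_per_escrow_request(base):,.0f}")
    print(f"wiretap cost increase: {wiretap_cost_increase(base):.0%}")
    for rate, cost in adoption_sweep([0.01, 0.05, 0.10, 0.50]).items():
        print(f"  adoption {rate:.0%}: ${cost:,.0f} per request")
```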
If, in addition to those existing costs, the law enforcement community were to have to reimburse the costs of the key escrow process, the cost of a typical wiretap will increase by 50% or more. Does this make any sense?

...On the Legal Basis for Key Escrow:

While I was in France, a question about the US concerns for key escrow arose in discussions with government officials. After all, they asked, if there is as strong a separation of powers between the Executive and Judicial Branches of government in the US as there is in France, what are the objections to key escrow?

I pointed out that this question hits directly at the concern of many in the US. Key escrow, as being proposed by the US government Clipper Initiative, does not take advantage of the very significant separation of powers employed elsewhere in government (e.g., in the wire tap laws). On the contrary, the Executive Branch contends that it can implement key escrow entirely within the Executive Branch without further legislation. Unfortunately for the average citizen, this convenient expedient also allows the Executive Branch to change the rules that govern key escrow at any time without any oversight from elsewhere within the government.

A key escrow system that involved the Judiciary Branch as the escrow agent (there would be no need to have more than one agent to create an illusion of independence) might be much more acceptable to the average American citizen. In such a proposal there would be a true escrow relationship with the Judiciary Branch responsible to both the Executive Branch and the citizen. Of course this would require legislation to create such a process. It is not clear why such an arrangement is not being sought by the government. Perhaps it is just that it would take too long. Perhaps it would be better to take the time and do it right.

...On "Where is the Harm?"
Following the closed hearing on October 12, we were told that industry must show significant economic harm before a change can take place in the export controls on cryptography. At that hearing industry representatives testified that a $6-7B industry was at stake and that at least one major US vendor was losing $70M per quarter because of its inability to supply good quality cryptography to its multinational customers. It would seem that no matter how much information on losses one presents, it will never be enough to satisfy the government.

The government would very much like to limit this debate to an argument about losses of sales by the US computer industry. In so doing they can claim that the "security of the nation" is being jeopardized by an industry "that only worries about increasing sales." But lost sales of computer products are not the aspect of economic security that should be concerning us.

There are two ways that government export controls affect our economic security: directly, through the loss of sales of computer products that employ cryptography, and indirectly and much more substantially, through the loss of government and commercial sensitive information if it remains unprotected on US and international computer networks.

The real concern here is the tradeoff between: the cost to all of us if our important government and corporate secrets are lost, versus the cost to national security and law enforcement interests if cryptography becomes more widespread, domestically and overseas.

Our government would have us believe that a major disaster will occur if good quality cryptography were to become widely available. But our survey indicates that good quality cryptography is already widely available from foreign sources. The governments of our friends overseas apparently are not concerned. They are not only not stopping the export of cryptographic products but in some cases, actively promoting them.
And so far, at least, the national security disaster has not happened. Why is it acceptable for friendly foreign countries to export to us but not for us to export to them? If US industry were allowed to export good quality cryptography, would the national security disaster happen any more quickly? We will not have to wait long to answer these questions. Soon foreign sources will dominate sales of cryptographic products in the US as well as overseas.

If the US government is so concerned about the availability of good quality cryptographic products throughout the world, their case would be much more believable if they exerted even a fraction of the energy they spend trying to stop US exports on pressuring the governments of friendly countries to control their own exports.

And what about the economic security disaster that will happen as increasing levels of US and multinational information on computer networks remains exposed because effective products to protect it are not available? At some point, it is inevitable that the cost of losing US government and industry sensitive information will exceed the cost to foreign intelligence from increased use of cryptography overseas. Do we have to wait for this disaster to seek a change in US export policy?

...On A National Policy on Cryptography:

In March 1992 the Computer System Security and Privacy Advisory Board recommended a national review of the use of cryptography in the US. Such a review is needed to find an appropriate balance between:

the legitimate interests of citizens, private organizations, and the government to protect their own sensitive information, and

the legitimate interests of the law enforcement and national security communities to listen to the communications of our adversaries.

One outcome of such a review might be a national policy on cryptography that would clarify where the boundary between the citizen's right to privacy and the government's need to listen exists.
One version of such a policy might be:

Good quality cryptography shall be available to all private citizens and organizations without government restriction.

Good quality cryptography shall be defined as that which is routinely available throughout the world for the protection of sensitive information (e.g., the Data Encryption Standard (DES) or RSA encryption algorithms).

Without government restriction shall mean without the interference of government through export control, imposition of key escrow, or other restrictive measures.

It is my personal opinion that until a national policy such as this becomes enacted into law, the debate on this topic will never end.
Current thread:
- What's Happened to Clipper? David Farber (Dec 03)