IP: a Japanese view of the NSA

[Dave Farber <farber () central cis upenn edu>]

Joi's point of view

Cryptographic technology could save info industry</H3>
By Joichi Ito

Special to The Daily Yomiuri</H4>
        Internet expert Joichi Ito is the president of PSINet Japan,
Eccosys Ltd. and Digital Garage Inc. Ito was also a member of the Posts and
Telecommunications Ministry electronic payment study group. Ito's column
will appear in the first Cyberworld page each month.

        Internet use in Japan lags about five years behind the United
States. Unlike other countries, Japan has an education system that
suppresses the creativity needed to dominate information industries.
Politicians, business and financial institutions have been criticized for
the delay. Whoever is to blame, Japanese may not be able to thrive in
businesses that rely on new information infrastructure. In this light,
cryptographic technology may be the key to Japan's business survival.

        Cryptography is the study of ciphers. Ciphers are systems that use
codes to scramble messages, preventing anyone without a proper decoding
device from making sense of the message.

        Cryptography is a very old science. Caesar's emissaries used
ciphers when carrying messages to generals on the battlefield. Ciphers
continued to develop, becoming ever more complex and playing an
increasingly important role in warfare. Edwin Reischauer and his team of
cryptographers broke Japanese codes prior to World War II-a move that
proved critical in formulating the United States' Pacific War strategies.

        Since World War II, the United States has guarded its cryptography
developments. Under the auspices of the National Security Agency
cryptographic technology was classified as "Top Secret," carrying the same
weight as munitions development.

        The National Security Agency was formed in 1952 and entrusted with
the task of developing and breaking cryptographic techniques. Activities
were so clouded in secrecy that, until recently, the acronym NSA was often
jokingly said to stand for "No Such Agency."

        Until the world of digital communications, and with it the
Internet, came along, showing that almost anything could be digitized and
sent globally at a very low cost, few people really cared about
cryptography.

        However, once people realized the benefits of digital
communications, a new problem arose. Data sent using digital communications
systems could be viewed by anyone with a little technical expertise. Demand
for effective codes sprung up quickly, moving cryptography from the cloak
and dagger world of spies to ordinary people sending private messages and
businesses exchanging sensitive information.

        The NSA stayed ahead of the field and hired almost every well-known
cryptographer. However, as the Internet's popularity grew so too did
interest in cryptography.  Suddenly, commercial computer and communication
companies were introducing products with increasingly complex cryptographic
technologies.

        NSA attempts to control the industry were quickly thwarted, but the
agency moved in to regulate the export of such technologies on the grounds
that effective codes in the hands of foreign governments posed a threat to
the United States' national security.

        The threat arose because codes could be utilized to allow secure
communications despite the United States leading the world in cryptography
and most forms of data retrieval.

        Further prompting U.S. government cryptography regulation, bodies
such as the Federal Bureau of Investigation claimed the excessive cost and
difficulty involved in wiretapping cryptographically encoded digital
telephones hampered efforts to detect drug dealers, child pornographers and
terrorists.

        The U.S. government solution came in the form of key escrow. Key
escrow allows individuals to use cryptographic technologies but gives the
government a spare or master key to break the codes if necessary.

        The first use of key escrow-dubbed Clipper-was in 1993. Clipper was
a hardware chip that allowed digital telephone users to make secure calls.
However, Clipper also allowed the government to monitor these calls. There
was an outcry within the computer industry and civil liberties groups.
Bodies such as the Electronic Frontier Foundation (<a
href="http://www.eff.org/";>http://www.eff.org) mounted public protests
against key escrow.

        In May 1994, Matt Blaze, an AT&T scientist, discovered a flaw in
the chip's design that allowed users to sidetrack Clipper and block
wiretaps.

        However, the U.S. government has continued to promote key escrow.
In September 1995, the Clinton administration proposed another plan along
similar lines to Clipper but software based and also allowing nongovernment
bodies to hold the key to the codes in escrow.

        Computer companies had begun to complain that export restrictions
on cryptography were crippling their international business, prompting the
U.S. government to allow the export of systems incorporating key escrow.
Now well-informed in cryptography, the companies rejected the compromise
outright.

        Unhappy with the results of key escrow in the United States, the
U.S. delegation to the Organization for Economic Cooperation and
Development meeting in Paris in December 1995, led by Mike Nelson (<a
href="http://www.us.net/~steptoe/276908.htm";>http://www.us.net/~steptoe/2769
08.htm), proposed that key escrow be standardized internationally.

        Surprisingly, it was the Japanese delegation, led by members of the
Posts and Telecommunications Ministry and the International Trade and
Industry Ministry who showed the most skepticism to the idea.
 
        Article 21 of the Japanese Constitution states that "no censorship
shall be maintained, nor shall the secrecy of any means of communication be
violated." Furthermore, unlike most other developed nations, Japan does not
maintain a large intelligence body. These factors have generally led the
Japanese government to frown on wiretapping and refrain from regulating
cryptography.

        In May 1996, a bill proposing an end to export restrictions on
cryptography was introduced to the floor of the U.S. Senate.

        Soon after, the Clinton administration released the draft of a
white paper with yet another proposal maintaining key escrow. The draft
drew wide criticism.
 
        On June 4, 1996, in the midst of the battle between the Clinton
administration and the advocates of cryptography liberalization, Jim Bidoz
of RSA Data Securities Inc.-a U.S. company that developed some basic
cryptography technologies-announced they had developed a very secure code
in conjunction with Nippon Telephone and Telegraph Corp. and intended to
export the technology from Japan.

        Japan had suddenly become a world leader in cryptography and the
ability of the U.S. to control the international flow of cryptography
technology took a major blow.

        If Japan continues to invest in the development of cryptography and
the Posts and Telecommunications Ministry can continue to maintain
citizens' privacy, Japan may feasibly become a leader in the housing of
secure and private servers as well as a leader in cryptography. Japan has
also begun to slowly improve its intelligence gathering ability.

        Moreover, the Japanese police have taken control over the OECD
delegation dealing with the matter and were much less concerned with
privacy than their predecessors. Japan apparently does not realize the
advantage it currently has and may follow the United States in losing its
lead.

        It is also possible that the Japanese government may succumb to
U.S. pressure and sacrifice its citizens' privacy for the sake of global
conformity. For the future of the Internet, I hope they do not do this.