IP: Brander network world column

[David Farber <farber () cis upenn edu>]

Date: Sat, 13 Sep 1997 15:32:06 -0400 (EDT)
From: Scott Bradner <sob () harvard edu>
To: farber () linc cis upenn edu


title: Hooded Freedom


This is not the first column I've written about the US policies on
encryption technology and I fear it will not be the last.  According to The
New York Times, the Clinton administration is quietly circulating proposed
legislation that would mandate the inclusion of key escrow features in any
encryption software distributed in the US.  At this time they are not
proposing that use of the features be also mandated, just that they must be
included in all software.  If this is true it is either a very fast
turnaround or another example of the perfidy that passes for normal
discourse in Washington since as recently as Sept. 4th Heidi Kukis, a
spokesperson for Vice President Gore, said there was no such effort and
that "The administration does not support domestic controls on encryption."


Kukis's statement came in response to the testimony of FBI Director Louis
Freeh in front of the a Senate Judiciary Subcommittee.  In his testimony
Freeh said that  "if we had legislation that required the immediate
decryptability of any product used, sold or distributed in the United
States, our domestic law enforcement interests would be protected."  While
asking for new laws he stated more than once that "we're not asking for any
new powers or new authorities."


At least three questions are raised here: would the requested laws be
effective, is the proposal secure and are they asking for new powers?  


Very good non-key escrow encryption technology is freely available today.
MIT, one of many sites around the world distributing PGP (a n encryption
package), has been distributing 300 to 500 copies of PGP per day for more
than two years. (http://bs.mit.edu:8001/pgp-form.html)   In light of this
level of existing distribution it is very hard to see how establishing
rules for new software in the US will make the existing software go away -
or are they depending on bit rot?  Are the drug dealers, spies and
terrorists so dumb that they can not find existing software or buy a copy
from someplace that has not outlawed it? 


It is hard to judge how secure a system this could be since the details of
how the escrow agents themselves would operate are yet to be disclosed but
there is more than a little bit of all eggs in one basket feeling here.
Just how hard would it be for someone who really wanted to know a
particular escrowed key to persuade with money or threats a system operator
with legitimate access to the information?


Even without requiring the escrow features to be turned on they are asking
for new powers (and if this passes expect the on/off switch to go away
soon).  Before this proposal, even though the law could listen in, there
was nothing that said that they had to be able to understand what was being
said.  This proposal is the equivalent of requiring that you speak English
when talking on the phone. 


The poet Robinson Jeffers, speaking to America about freedom wrote "You
will tame it against it burn too clearly, you will hood it like a kept
hawk, you will perch it on the wrist of Caesar."  These proposals do little
but bind our freedom.