Cyphernomicon 9.5

Policy: Clipper, Key Escrow, and Digital Telephony:
Motivations for Crypto Laws


    9.5.1. "What are the law enforcement and FBI worries?"
           - "FBI Director Louis Freeh is worried. The bad guys are
              beginning to see the light, and it is digital. ... Freeh
              fears some pretty nasty folks have discovered they can
              commit highway robbery and more, without even leaving home.
              Worse, to Freeh and other top cops, by using some pretty
              basic technologies, savvy criminals can do their crimes
              without worrying about doing time.
              
              "Some crooks, spies, drug traffickers, terrorists and
              frauds already use the tools of the information age to
              outfox law enforcement officers. Hackers use PBXs to hide
              their tracks as they rip off phone companies and poke
              around in other people's files. Reprogrammed cellular
              phones give cops fits." [LAN Magazine, "Is it 1984?," by Ted
              Bunker, August 1994]
           - Their fears have some validity...in the same way that the
              rulers in Gutenberg's time could have some concerns about
              the implications of books (breaking of guilds, spread of
              national secrets, pornography, atheism, etc.).
    9.5.2. "What motivated Clipper? What did the Feds hope to gain?"
           - ostensibly to stop terrorists (only the unsophisticated
              ones, if alternatives are allowed)
           - to force a standard on average Americans
           - possibly to limit crypto development
           + Phil Karn provides an interesting motivation for Clipper:
              "Key escrow exists only because the NSA doesn't want to
              risk blame if some terrorist or drug dealer were to use an
              unescrowed NSA-produced .....The fact that a terrorist or
              drug dealer can easily go elsewhere and obtain other strong
              or stronger algorithms without key escrow is irrelevant.
              The NSA simply doesn't care as long as *they* can't be
              blamed for whatever happens. Classic CYA, nothing
              more.....A similar analysis applies to the export control
              regulations regarding cryptography." [Phil Karn,
              1994-08-31]
             - Bill Sommerfeld notes: "If this is indeed the case, Matt
                Blaze's results should be particularly devastating to
                them." [B.S., 1994-09-01]
    9.5.3. Steve Witham has an interesting take on why folks like
            Dorothy Denning and Donn Parker support key escrow so
            ardently:
           - "Maybe people like Dot and Don think of government as a
              systems-administration sort of job.  So here they are,
              security experts advising the sys admins on things like...
              
              setting permissions
              allocating quotas
              registering users and giving them passwords.....
              deciding what utilities are and aren't available
              deciding what software the users need, and installing it
                       (grudgingly, based on who's yelling the loudest)
              setting up connections to other machines
              deciding who's allowed to log in from "foreign hosts"
              getting mail set up and running
              buying new hardware from vendors
              specifying the hardware to the vendors
              ...
              
              "These are the things computer security experts advise on.
              Maybe hammer experts see things as nails.
              
              "Only a country is not a host system owned and administered
              by the government, and citizens are not guests or users."
              [Steve Witham, Government by Sysadmin, 1994-03-23]
              
    9.5.4. Who would want to use key escrow?
    9.5.5. "Will strong crypto really thwart government plans?"
           - Yes, it will give citizens the basic capabilities that
              foreign governments have had for many years
           + Despite talk about codebreaks and the expertise of the
              NSA, the plain fact is that no major Soviet ciphers have
              been broken for many years
             + recall the comment that NSA has not really broken any
                Soviet systems in many years
               - except for the cases, a la the Walker case, where
                  plaintext versions are gotten, i.e., where human
                  screwups occurred
           - the image in so many novels of massive computers breaking
              codes is absurd: modern ciphers will not be broken (but the
              primitive ciphers used by so many Third World nations and
              their embassies will continue to be child's play, even for
              high school science fair projects...could be a good idea
              for a small scene, about a BCC student who has his project
              pulled)
    9.5.6. "Why does the government want short keys?"
           - Commercial products have often been broken by hackers. The
              NSA actually has a charter to help businesses protect their
              secrets; just not so strongly that the crypto is
              unbreakable by them. (This of course has been part of the
              tension between the two sides of the NSA for the past
              couple of decades.)
           + So why does the government want crippled key lengths?
             - "The question is: how do you thwart hackers while
                permitting NSA access? The obvious answer is strong
                algorithm(s) and relatively truncated keys." [Grady Ward,
                sci.crypt, 1994-08-15]
  


By Tim May, see README

HTML by Jonathan Rochkind