Personal tools
crypto_amer.html
The Clinton Administration Builds its Campaign Against Privacy:
An Analysis of the Key Recovery Draft Legislation on 12 March 1997
by Andrew Oram
A new “Key Recovery” bill proposed by the Administration signals a new direction in an old campaign to rein in the free-wheeling electronic networks that are playing an ever-growing role in our lives. In this bill (which so far has not won any sponsors in Congress), the administration continues trying to impose the environment friendly to surveillance that it introduced four years ago with its first Clipper Chip proposal, and that harkens back even further to digital wiretapping proposals that eventually became law in the 1994 Communications Assistance to Law Enforcement Act.
The purpose of key recovery is to allow law enforcement officials to obtain the secret keys that correspondents use to encrypt their communications over digital networks, and thus to read the contents of the communications. Such networks currently include cordless telephones and electronic mail, but they will probably grow to include other services in the future. The FBI and Clinton administration have expressed fears that terrorists, drug dealers, and other destructive forces are using digital communications to set up crimes, and that law enforcement needs access to everyone’s communications in order to stop those crimes. In contrast, the civil-liberties community is skeptical of the need for further surveillance, and recognize here an age-old attempt to remove privacy and liberty from the entire populace in the guise of protecting it from unsavory elements.
A Background on the Encryption Battle
The first incarnation of the key recovery proposal, called Skipjack and later Clipper, contained a full-blown encryption algorithm. It not only embodied the controversial policy of giving governments access to citizens’ communications, but suffered from several technical weaknesses as well. Encryption experts have a long-standing tradition of using public publication and scrutiny to verify the security of proposed algorithms. The government’s refusal to publish the details of the Clipper algorithm raised concerns in the encryption community, and indeed one weakness was eventually revealed. The new bill discussed in this article makes no mention of a specific type of encryption. In fact, it explicitly guarantees the right to use “any encryption, regardless of the encryption algorithm selected.” But we must not optimistically assume that the Administration has totally abandoned Clipper; it may still propose some new variation as the standard.
Furthermore, the right to use any form of encryption is guaranteed only to residents of the United States. This means that the Administration is not budging on its export restrictions, which have garnished much anger from the civil-liberties community and mainstream computer companies alike.
Currently, encryption is a kind of ad-hoc, external add-on to digital communications. Users encrypt their communications manually by running programs like Pretty Good Privacy (PGP) or by setting up a channel to their correspondent (say, by connecting to a Web site) and then using an agreed-on key. The weakness of both methods is that it is hard to identify whether the correspondents are really who they claim to be. Unless they use some channel of communication outside the digital network (like physically handing each other a piece of paper containing their secret keys) they cannot be sure that a hostile enemy is not posing as one or the other.
Thus, a third party or chain of such parties is needed, one known and trusted by both correspondents. The need for highly visible and identifiable “trusted third parties” will grow as more and more people use electronic networks, particularly for commerce. (After all, who would you turn to in order to verify a correspondent half-way around the globe whom you want to buy services from?) Many governments, therefore—including the U.S., France, and Britain—are offering to set up licensing systems so that a set of trusted third parties can be easily found and employed by anyone interested in using the information highway.
Yet the “trusted third party” issue is a Trojan horse, into which governments are sneaking their plans for universal surveillance. No government intervention is really needed to develop a set of third parties. Growing demand for electronic commerce will cause them to spring up naturally. After all, most of us use credit cards; did the government have to pass special laws requiring the registration of credit card numbers? So despite the sanctimonious support that all governments profess in their key recovery proposals, their true goal is not to promote electronic networks but to control them.
Features of the 12 March 1997 Bill
The new bill is most disturbing for the broad powers it gives government. Currently, surveillance requires a court warrant (although there is plenty of evidence that law enforcement installs wiretaps illegally without such review). In the new bill, conditions for giving keys to government officials are much looser; access can be granted based on these any of these conditions in section 302(A):
- A warrant or court order, as at present
- A subpoena authorized by Federal or State statute or rule
- A certification issued by the Attorney General under some applicable law, such as the Foreign Intelligence Surveillance Act
- written authorization in “a form to be specified by the Attorney General”
The third condition is particularly worrisome given the eroding of privacy rights in recent laws supposedly combating terrorism. One can easily imagine a situation like this: suppose that the President secretly agrees with the British government to find out where American funds for the Irish Republican Army are coming from. The Attorney General then requests the secret keys for thousands of politically prominent Irish-Americans, in order to track all their electronic communications. The “rule of law” is being severely stretched in this imaginary (but not too improbable) scenario!
As a final chill, the bill calls for a maximum of five years’ imprisonment for anyone using encryption “in furtherance of the commission of a criminal offense.” Thus, if you are found guilty of some relatively minor offense, you may find five years tacked on to your conviction if you happened to use an encrypted conversation during the time of its planning or execution.
Why Not Outlaw Unauthorized Forms of Encryption?
One criticism always raised to Clipper-like plans is that serious criminals and hard-core terrorists will simply eschew the Administration’s chosen form of encryption. They’ll continue to use a personal, uncrackable encryption. Civil libertarians have thus expressed the fear that the Administration will move toward outlawing unapproved forms of encryption. In fact, France has already done so. Is this a threat?
Luckily, I doubt that the U.S. government will try such a stark attack in the near future. It would put the question of privacy and free speech squarely on the public agenda. Americans would have to choose openly between the right to privacy of all citizens, and the dubious and unclear benefits of giving law enforcement officers a new convenience in their fight against terrorism. While the public is subject to strong emotional pressures on both sides of the question, evidence is strong that there is widespread pride in maintaining the privacy vis-a-vis the government. And one shudders to imagine the application of such a ban: homes invaded to check computers for illegal software, programmers arrested on suspicion of providing encryption products, and so on. It would be the first time in history that we were told what software we could and could not purchase.
Besides the political risks of banning encryption, the attempt would be technically impossible. Suppose the FBI snoops on two correspondents and comes across a message with the simple text, “Here is the file you asked for,” followed by a long stream of binary data. Do they load the data on every known computer system to find out whether it is an executable file? Run it through RealAudio in case it is a sound file? How do they know whether it is some hitherto unknown format for graphics or video—or whether it is indeed a banned form of encryption?
Unknown binary formats may create at least suspicion of a crime, but even this suspicion can be avoided by those with sufficient motivation to do so. For instance, if you transmit a large graphic, you can tell your correspondent to extract every 32nd bit and combine the bits to form a message. The graphic will not be altered enough to show any distortion when displayed, but the message is easy to find for someone who is in on the secret. A whole branch of computer cryptography—called steganography—is devoted to this kind of hidden communication.
The Probable Course of Action
The Clinton Administration cannot succeed in wiping out strong encryption. Therefore, its goal will probably be to make its preferred form so ubiquitous that everyone turns to it as a matter of course. Whenever you walk into an appliance store and spend $30 on a telephone handset, or into a computer store to pick up an electronic-mail program, the Administration will hope that it has the type of encryption that permits them access. Finding alternative forms of encryption will require increasing amounts of effort and technical knowledge.
That the Administration can achieve this goal was suggested by the aftermath of the 1994 Communications Assistance to Law Enforcement Act, when the major telecommunications companies met with the Administration and agreed to implement the law. Computer companies have also shown a willingness to install key-recovery mechanisms in exchange for the government’s weakness of export restrictions.
The Administration can take a particularly powerful step toward making key-recovery universal by requiring it for government use. Eager to win over the enormous government market, most companies are likely to fall into place. This tactic explains the section of the bill—501(A)—that requires manufacturers to label their products in order to indicate “whether such products are authorized for use in transactions with the United States Government.”
Finally, the Internet Engineering Task Force (IETF) is building some standards for the Public Key Infrastructure that explicitly allow for key recovery by governments, presumably in recognition of the desire expressed by many governments for this feature.
Dangers of Key Recovery
The continued efforts of the U.S. government to control encryption are replete with dangers. First comes the abuse of the surveillance capabilities by the government itself. We can point to many instances through the decades of such abuse, including COINTELPRO, Watergate, and the recent revelation that the FBI had given the Clinton Administration unauthorized access to files on hundreds of political opponents.
If the U.S. wants access to its residents’ communications, so will other governments. And section 503 of the bill actually instructs the President to enter into negotiation with other countries to promote a worldwide key recovery system. Perhaps the next author of a “Satanic Verses” type of novel will find the drafts intercepted on the way to the publisher, and be arrested or assassinated before finishing the work.
Another danger lies in the concentration of keys in highly visible, centralized repositories. These will present an irresistible target for intruders, and such intruders cannot be kept out indefinitely. A history of many break-ins to networks owned by the military and by large corporations proves this.
Finally, the safety of centralized storage depends on the honesty of the staff who have access to the computers. Such a risk is recognized in the Administration’s bill, which imposes strict penalties for the unlawful release of keys. Yet such punishments have never proven totally effective in other situations where sensitive information is at stake, and they will not work here either in the face of bribery or a desire for vengeance.
The civil liberties and computer communities must continue to fight key recovery proposals. In addition to the political fight, the computer community can help by continuing to develop simple and easily-available forms of strong encryption, which will truly protect the public in the decades to come.
Created before October 2004