The McCain-Kerrey “Secure Public Networks Act”
Brute force attack on encryption
Andy Oram, firstname.lastname@example.org
It looks as if the framers of the “Secure Public Networks Act” (S. 909), which was passed by the Senate Commerce Committee on June 19, 1997 and later amended slightly, have read everything that civil libertarians and encryption experts had to say about computer encryption—and put everything they hated into one bill. Bearing a name fit for a George Orwell critique, the “Secure Public Networks Act” threatens to cripple a key aspect of the information infrastructure and of public privacy: the use of encryption to send messages over electronic networks.
Encryption is used heavily by human rights activists and other political figures in many countries to protect themselves and their sources from arrest and assassination; even in North America it is seen as critical by many to protect private thoughts exchanged among colleagues. Encryption is also critical to online commerce, because it protects trade secrets and assures users that money is being transferred properly. In the form of digital signatures, encryption allows someone to pass a contract across the Internet or stand behind a public statement. However, governments fear that networks will be used for tax evasion, the exchange of pornography, and other crimes. Invoking fears of terrorism and rampant pornography (very powerful incentives in the political arena) they are trying to restrict encryption in ways that intrude on the privacy of all Internet users.
Care is particularly important in legislating for computer encryption nowadays, because encryption is popping up in more and more parts of the infrastructure. For instance, future versions of the Domain Name Service, which is queried by user programs whenever they try to reach a remote computer system by name, might use encryption to authenticate servers. To add the huge overhead of key recovery to parts of the infrastructure like DNS would be absurd. It is not clear that S. 909 would require key recovery for parts of the network infrastructure that are not directly involved in data transmission—there seems to be an exemption for such keys in Sec. 402, subparagraph (b)(3)—but we must always think carefully when technology is asked to change in order to satisfy political mandates.
Problems in the Secure Public Networks Act include:
- Erosion of personal privacy.
The bill creates an infrastructure in which Internet users register their private keys with a “key recovery agent,” which in turn can make the key available to government agencies so that messages can be secretly decrypted. While the system is not universally mandatory, the law requires its use under a variety of circumstances (described below) that are intended to bring it into universal use.
The procedures for making keys available to government agencies are easily subject to abuse. An amendment to S. 909 requiring a court order—as is currently required for telephone wiretaps—is quite welcome, but the potential abuses are still clear to anyone who has read about the FBI COINTELPRO campaign of the 1960s and 1970s, Nixon’s enemies list, or—more recently—the illegal delivery of classified information about Republicans by the FBI to the Clinton White House and the overly broad use of wiretapping in the investigation of mob activities in the Boston area.
The dangers of key recovery are manifold. Security at the key recovery agent’s site can be breached, because no security on the Internet is perfect (as testimony from military sites and large companies that have experienced break-ins can prove). A employee of the agent can be bribed or blackmailed into revealing a key illegally. Governments can, in the future, pass laws that allow them broad, unfettered access to obtain keys.
The costs of storing secret keys is large, and is passed on to the consumer. The cost includes not only the handling of the key and the system on which it is stored, but the expensive collection of routers and systems that are currently required to protect the key and the constant monitoring that is required to prevent or catch break-ins. Individual users will therefore end up paying for a system that offers them no benefits, but merely preserves the government’s right to snoop on them.
- Technical weaknesses.
Secret keys are extremely powerful, and must be guarded carefully if there is to be any trust in electronic networks for commerce or private communications. If someone knows your key, he can masquerade as you on the Internet, make purchases and sign contracts in your name, and decode any mail sent to you that he can get through packet sniffers or other intrusions on the Internet. But key recovery plans require keys to be stored in highly visible organizations connected to the Internet—perfect targets for break-ins. For this reason, software companies and other companies that want to move heavily onto the Internet have historically opposed key recovery plans.
A collection of encryption experts have heavily criticized key recovery because it presents so many security problems in storage, verification of requests for keys, and transmission of keys. Technical problems would greatly raise the cost of encryption, further holding back the information infrastructure.
- Intrusion into commercial and personal choices.
A recent court ruling challenged the Department of State’s ban on the export of powerful encryption (anything using a key more than 56 bits long), a ban that was long opposed by civil libertarians and corporate interests alike. The ban was ruled an unconstitutional infringement on free speech. But now, as a chink is being forced open in government attempts to hold back encryption, S. 909 tries to ram it shut again. The very Department of State rulings that were declared unconstitutional are codified in Title III of the law.
It could be argued that S. 909 creates an unfunded mandate. Officially, the bill requires key recovery only on networks created with Federal funds, which is legitimate. But the obvious intent of the bill’s supporters is to force other companies and individuals to use the desired encryption system, so that they can communicate with organizations required by law to use it. Thus, the bill requires the creation of an expensive encryption system without funding it.
- Lost sales.
Users outside the United States have no interest in using systems that allow the U.S. government to read their electronic mail and track their business transactions. They therefore will not buy products using the McCain-Kerrey system unless our government manages to strike deals with other countries to impose the same requirements (a process in which the Clinton Administration has expressed an interest). Even at home, the onerousness and cost of escrowing keys will lead users to stick to home-grown systems like PGP or risk their data by avoiding escrow.
- Chilling effect on the use of encryption.
Anyone who uses encryption “in furtherance” of a crime can be imprisoned for an extra five years under the bill (Sec. 104). Thus, a relatively minor offense—any that calls for a jail sentence of a year or more—may lead to a much more serious punishment, if the person being prosecuted used email with encryption for any message related to the crime. The fear of harsh sentences will lead to a general reluctance to use encryption.
While introduced officially by Senators John McCain (R-AZ) and Bob Kerrey (D-NE), the bill has the imprint of the Clinton Administration all over it. Like the Administration proposal of 12 March 1997, the McCain-Kerrey bill offers paper safeguards against the misuse of key recovery, and promises that participation in the plan is voluntary. These promises are overriden by provisions that force the key recovery plan on the public through indirect measures. Anyone who uses U.S. government funds to buy an encryption product (Sec. 203), who communicates with the U.S. government through its own network (Sec. 204), or who conducts government business over a network that was funded by the U.S. government (Sec. 205), must join the key recovery system. Most commercial organizations would be covered under Sec. 204, since they wish to do business with the government, while most universities would be covered by Sec. 205 because the U.S. government is funding the “next generation” Internet, or Internet II.
The scope of Sec. 204 is hard to determine because it refers to “encryption products as part of the network,” but it is safe to assume that this will be interpreted to cover any product that encrypts data being sent over the network.
S. 909 did not appear in a vacuum. It is part of a campaign by the NSA, the FBI, and the Clinton Administration to impose a new surveillance capability on the U.S. public—and indirectly, the rest of the world—and represents a damage-control operation to stop two bills that could open the way to strong encryption on the Internet: S. 377, the Promotion of Commerce Online in the Digital Era Act (Pro-CODE), and H.R. 695, the Security and Freedom Through Encryption Act (SAFE). Both of those bills were openly opposed to current controls over encryption and attempts to impose key recovery, although they contained ambiguous language that left open the possibility of government regulation in the future. While Pro-CODE seems to be defunct in the wake of S. 909, SAFE is still alive and was in fact approved by the House Judiciary Committee on June 24. Probably, Congress will ultimately try to find some compromise between the open support for private communications in SAFE and the heavy controls imposed in S. 909. A compromise between two such different philosophies is hard to imagine, but we can be fairly certain that language satisfactory to the Administration will end up in whatever bill is passed. Thus, the freedom to communicate is severely threatened.
The McCain-Kerrey bill has been severely criticized by a wide range of public-interest organizations, including the two leading professional associations in computing, the Association for Computing Machinery and the Institute of Electrical and Electronics Engineers.
U.S. policy on encryption certainly affects other countries. The former Conservative government in Britain recommended a key recovery policy along the same lines as that of the Clinton Administration. While the Labour Party declared support for free encryption and opposition to the Clinton Administration policy, it remains to be seen whether they will follow the course suggested by their predecessors. In Germany, the Interior Minister has called for government control over encryption, and both France and Russia have outlawed forms of encryption that are not approved by their respective governments.
Thus, the tremendous potential of Internet communication and commerce, which is technically within reach today, stands at risk. On the one side, governments are trying to cut off international trade in products that permit strong, secure encryption. The digital infrastructure may stagnate as individuals and organizations fear to exchange sensitive information. On the other side, if governments around the world combine to adopt a standard form of key recovery (which the Administration has suggested in its March 12 proposal) users would face a situation in which any government of any participating country could decrypt messages at will. The resulting situation would be even worse than today.
Here is a situation where a hands-off policy is the only good policy. Encryption can flourish, and Internet commerce along with it, if organizations and individuals are allowed to develop systems that meet their needs. Government attempts to stop the free use of encryption will not stop terrorists—who can always hide the content of their communications—but will have a chilling effect on freedom of speech and association online.
Created before October 2004