Next week John Perry Barlow and Stewart Baker will be debating the future of cyberspace. It's hard to guess exactly what they will be talking about, but from past lectures and essays, I'm guessing that there will be some discussion of privacy and cryptography. And even if they don't discuss it, it's an interesting topic that you should all be aware of.
I am going to try to present to you facts about cryptography and a summary of the controversial issues surrounding its use in as non-biased a manner as possible. This may be difficult because I have strong opinions about some of these issues. But I would like you to think about these issues yourself and draw your own conclusions.
Much of the information in this presentation is taken from:
Codes, Keys and Conflicts: Issues in U.S. Crypto Policy. Report of a Special Panel of the ACM U.S. Public Policy Committee (USACM) June 1994.The report can be obtained in various electronic formats from ACM's Internet host. Internet users can access the report through any of the following URLs:
Parts of this presentation were inspired by a tutorial at the March 1994 Computers, Freedom and Privacy Conference: "Everything you need to know about cryptography in just 60 easy minutes" by Matt Blaze. Blaze is the AT&T Bell Labs researcher who discovered a famous flow in the escrowed encryption standard in May 1994.
For additional information on encryption, check out the EP/CS142 encryption archive.
Who needs privacy and why?
Can't the U.S. government be trusted to respect my privacy?
Although the U.S. government is generally known for respecting the privacy rights of American citizens, there are a number of documented instances where government officials have violated these rights:
Why is privacy more of a problem now than ever before
Online computer databases make it much easier than ever before for someone to piece together a composite profile of any American citizen. Twenty years ago you could collect information about someone by digging through public records scattered about the counties where they have lived or by hiring a private investigator; now you can obtain much of the same information in a matter of hours (or minutes if you know what you are doing) without leaving your home. Direct marketers are taking advantage of this to better identify potential customers.
Face-to-face communications can generally be made private, but telephone, cellular phone, postal mail, email, and radio are easily interceptable. This becomes more of a problem as virtual meetings, electronically transmitted and signed contracts, and electronic payments become the norm.
"Cryptography is the science of secret writing." -- Matt Blaze
Cryptography can provide:
The simplest form of private key cryptography can be found in cereal box "secret decoder rings."
All the parties who want to correspond secretly must have a copy of the secret key. This means that they must arrange to exchange the secret key in advance over a secure channel.
"In a well designed system:
The most popular implementation of private key cryptography is the Data Encryption Standard (DES).
A relatively new secret key system, IDEA, was developed three years ago by a Swiss graduate student and has a 128 bit key.
Proposed in the 1970s by Stanford researchers Diffie and Helman and realized by Rivest, Shamir, and Adelman as RSA.
Any message encrypted with a private key must be decrypted with the corresponding public key, and vice versa....so users publish one key and keep the other key secret.
RSA is "based on the idea that factoring really large numbers seems to be a hard problem." -- Matt Blaze
RSA is about 1000 times slower than DES, and is therefore usually combined with DES, IDEA, or another private key cryptosystem.
Your name has come to our attention. We have reason to believe you may be interested in the products and services our new organization, BlackNet, has to offer. BlackNet is in the business of buying, selling, trading, and otherwise dealing with *information* in all its many forms. We buy and sell information using public key cryptosystems with essentially perfect security for our customers. Unless you tell us who you are (please don't!) or inadvertently reveal information which provides clues, we have no way of identifying you, nor you us. Our location in physical space is unimportant. Our location in cyberspace is all that matters. Our primary address is the PGP key location: "BlackNet
" and we can be contacted (preferably through a chain of anonymous remailers) by encrypting a message to our public key (contained below) and depositing this message in one of the several locations in cyberspace we monitor.... BlackNet is nominally nondideological, but considers nation-states, export laws, patent laws, national security considerations and the like to be relics of the pre-cyberspace era. Export and patent laws are often used to explicity project national power and imperialist, colonialist state fascism. BlackNet believes it is solely the responsibility of a secret holder to keep that secret--not the responsibilty of the State, or of us, or of anyone else who may come into possession of that secret. If a secret's worth having, it's worth protecting. .... BlackNet can make anonymous deposits to the bank account of your choice, where local banking laws permit, can mail cash directly (you assume the risk of theft or seizure), or can credit you in "CryptoCredits," the internal currency of BlackNet (which you then might use to buy _other_ information and have it encrypted to your special public key and posted in public place). .... Join us in this revolutionary--and profitable--venture.
The Fourth Amendment provides safeguards for the security of our "persons, houses, papers and effects" against intrusion by the government.
Prior to 1968, the legality of wiretapping was questioned many times in the courts. In 1968 Congress decided to make the legality of wiretapping unambiguous by including wire tap provisions in the Omnibus Crime Control and Safe Streets Act:
The law enforcement community views wiretaps as essential:
There is no way to know whether evidence obtained through a wire tap is really what ultimately led to a conviction.
In 1993, the average cost of installing and monitoring a wire tap was $57,256.
There are an average of about 900 wire taps annually. About two-thirds are for drug cases.
Cryptography prevents law enforcement from listening in on criminals' communications -- even with a court order!
The public availability of strong cryptography allows foreign governments and terrorists to send communications that U.S. intelligence agencies cannot decipher.
Countries are somewhat successful at controlling the flow of people and tangible items across their borders. However, they are not as successful at controlling the flow of information across their borders, especially when that information is encrypted.
In order to protect all American communications, strong encryption must be widely available in the U.S. However, it is nearly impossible to make strong encryption widely available in the U.S. without making it available abroad as well. For example, despite efforts to prevent the export of DES, it is widely available around the world.
Export controls make it difficult or impossible for American software developers to market their encryption products abroad.
Private use of encryption technology is prohibited or restricted in several countries including France, Korea, Taiwan, and China. Thus, there is little or no market for U.S. encryption products in some foreign countries.
Products containing digital signatures but no cryptographic algorithms that conceal the content of communications are generally exportable.
Key Escrow: An encryption system in which one or more "escrow agents" hold copies of all encryption keys.
In April 1993 President Clinton announced the Escrowed Encryption Initiative, "a voluntary program to improve security and privacy of telephone communications while meeting the legitimate needs of law enforcement."
Clipper Chips are manufactured by one company -- Mykotronx. They are used in AT&T secure telephones.
Public response was overwhelmingly negative.
The Clipper Chip breaks messages up into chunks, encrypts each chuck, and adds a Law Enforcement Access Field (LEAF), before transmitting the message. Each encrypted and packaged chunk looks something like this (summarized from Denning's technical report):
F = Family key (common to all Clipper Chips) - 80 bits
N = serial Number of chip - 30 bits
U = secret key for chip - 80 bits
K = Key specific to particular conversation - 80 bits
M = the Message
Law enforcement officers who have a court order permitting them to intercept a phone conversation can decrypt the conversation using the following procedure:
In May 1994 Matt Blaze announced that he had found a flaw in EES. Blaze said he discovered a way to replace the LEAF with a bogus LEAF containing a different serial number. Although his technique is not fast enough to be useful for voice communication, it seems to succeed in defeating law enforcement access for other types of communications.
Although EES is a voluntary government standard, the NSA is hoping that everyone will buy Clipper products voluntarily because they will be less expensive than other encryption products. In addition, if an agency such as the IRS were to adopt EES, then anyone who wanted to file their taxes electronically would have to use it.
On July 20, 1994 Vice President Al Gore announced that the administration was backing down on SKIPJACK and its applications. He said they would still pursue the use of Clipper for voice and low speed data communications but would investigate other solutions for high speed data communications. There is still a lot of uncertainty as to what other solutions will be proposed.
Are there other solutions to this problem?
Is EES likely to reduce foreign markets for American hardware and software products?
Can we afford to live with EES?
Can we afford to live without EES?