PRIVACY Forum Digest Wednesday, 28 October 1992 Volume 01 : Issue 23 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS (Fwd) A Trial Balloon to Ban Encryption? (Bob Leone) A response to Dorothy Denning on RISKS (Phil Karn) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 23 Quote for the day: Flint: "If you don't mind, sir, I'd prefer to use my own personal code." Cramden: "I'd prefer you use the government one." Flint: "I already know mine, sir. It's a mathematical progression, 38-24-36, it's based on..." Cramden: "I can imagine what it's based on." -- James Coburn and Lee J. Cobb "Our Man Flint" (1966) ---------------------------------------------------------------------- Date: Wed, 28 Oct 1992 14:20:51 -0500 From: Bob Leone Subject: (fwd) A Trial Balloon to Ban Encryption? The following recently appeared on the Agorics Forum, and I think it relevant to this group: Date: Mon, 26 Oct 92 17:02:28 PST From: mark@xanadu.com (Mark S. Miller) To: agorics@xanadu.com, community@xanadu.com Subject: [uunet!netcom.com!tcmay: (fwd) A Trial Balloon to Ban Encryption?] Content-Type: text Content-Length: 4773 Return-Path: From: uunet!netcom.com!tcmay (Timothy C. May) Subject: (fwd) A Trial Balloon to Ban Encryption? To: cypherpunks@toad.com Date: Mon, 26 Oct 92 10:19:54 PST Cc: tcmay@netcom.com (Timothy C. May) X-Mailer: ELM [version 2.3 PL11] Fellow Cypherpunks, I have rewritten my posting on Denning's proposal and posted it to sci.crypt, for wider discussion. I'm surprised the sci.crypt folks had not already the significance. You might want to consider debating the issue there, rather than on this list, as your words will then be heard by more folks and could mobilize an effort against proposal like this one of Denning's. Cryptically your, --Tim Newsgroups: sci.crypt Path: netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) Subject: A Trial Balloon to Ban Encryption? Message-ID: <1992Oct26.180813.7002@netcom.com> Organization: Netcom - Online Communication Services (408 241-9760 guest) X-Newsreader: Tin 1.1 PL5 Date: Mon, 26 Oct 1992 18:08:13 GMT Is there a trial balloon being floated to effectively ban encryption? Noted and influential influential crypto advisor Dorothy Denning has apparently floated the idea of _public key registration_ in a paper or talk at the 15th Computer Security Conference in Baltimore, held recently. Discussion of this is in comp.risks ("RISKS"), so far, but certainly belongs in this group. I posted a summary of this position to a private mailing list devoted to crypto issues and got a huge response of concerned folks. I don't understand why this is not a hot topic on sci.crypt, so I'll post something right now. Here's my understanding of her proposal: * Anyone using public key cryptography would be required to register the private key with the appropriate authorities, for example, the Justice Department. * To head off the obvious concerns about the government routinely reading e-mail, financial dealings, etc., this registered key would be stored at an independent agency after first being encrypted with the _public key_ of Justice. (That is, the independent key storage agency would have an unusable key, so _they_ couldn't use it themselves.) * To obtain a usable form of the private key, Justice would have to get a valid court order, go to the independent storage agency, present the order, pick up the key, open it with their own _private key_, and proceed to open mail, read communications, etc. This is ostensibly the procedure now used for wiretaps. But the effect on encryption would be chilling: -would greatly complicate the rapid changing of keys -would probably be a way to get "unlicensed" crypto programs off the market (e.g., don't think about using PGP 2.0, as the key registration authorities would either insist on another algorithm, or would send the "registration application" to, for example, RSA Data Security for legal action) -would undoubtedly require a "fee" (like a driver's license) -would interfere with the use of digital pseudonyms, anonymous nets (a la Chaum's "DC Net" proposal, which some of us are exploring now), and digital money -would establish the precedent that private communications are not legal, that copies of all private communications must be placed in escrow with the government Registering keys is no different than, for example, requiring a permit for every public utterance or for registering typewriters, modems, computers, fax machines, and copiers. Or banning the use of sealed envelopes for mail. In Phil Zimmerman's great words, it would be like requiring all mail to be sent on postcards. My suspicion, which Prof. Denning will presumably comment on if she's reading this, is that the government folks have come to understand the profound implications of modern crypto and are looking for approaches to head off the coming sea changes. Granted, there are serious national security threats in using modern crypto methods, but there are in any of the new technologies, such as those listed above. Besides, does anyone think all keys will be registered? Hiding bits is a relatively easy thing to do. This key registration proposal is more odious than the "backdoors in telecom equipment" proposal discussed here recently. Can we remain silent as our liberties are taken away? I think it was John Gilmore who said: "If encryption is outlawed, only outlaws will have encryption." -- ......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement. ------------------------------ Date: Mon, 26 Oct 92 20:32:18 -0800 From: karn@qualcomm.com (Phil Karn) Subject: A response to Dorothy Denning on RISKS David Willcox spoke of the obvious risks of registering encryption keys with some agency. Dorothy Denning responded in RISKS 13.86 that the "risk can be reduced to about zero" and described a mechanism. Yet neither elaborated on just what specific risks are to be protected against. Denning chooses to ignore one obvious class of risks: defective warrants, incompetence and/or outright corruption in the government and the key registration agency. The government has abused its wiretap facilities in the past (e.g., Operation Shamrock) and will do so again until the widespread use of strong cryptography stops it. Anyone who thinks that the warrant is a meaningful safeguard ought to consider what happened recently in Poway, California (just northeast of San Diego). Customs and DEA agents broke into an innocent man's house at midnight and exchanged gunfire with the owner, who quite reasonably thought his home was being invaded (the agents did not identify themselves). Last I heard, the owner was in critical condition in the hospital. After the shooting, neighbors overheard the leader telling his troops "Now get this straight. He shot first!" The sole basis of the warrant? A "tip" from an informer, already known by Customs to be unreliable. He admitted the next day that he had merely picked a house at random when the agents pressed him to "produce". The judge who approved this particular warrant obviously didn't scrutinize it very closely despite the clear potential for serious injury to an innocent person. It's not hard to imagine a judge being even less critical of an application for a wiretap warrant. "After all", he'll reason, "what harm can to you really do to an innocent person by just listening to his phone calls? It's not like the agents are asking for permission to break his door down." That's the whole problem with government wiretaps. They're easy and (from law enforcement's perspective) almost risk-free. Break down the wrong guy's door, and there's no way to keep it out of the papers. But tap the wrong guy's phone and he may never know. Warrants? Don't bother -- they leave paper trails, and are unnecessary unless you want to produce the recordings in court. There are many other uses for wiretaps that need not reveal one's "sources and methods". This is especially tempting with radio. ECPA or no ECPA, the fact is that it's incredibly easy to intercept analog cell phones and very hard to get caught doing it. Indeed, the government successfully opposed meaningful encryption in digital cellular, even though it would only protect the air link -- the land side of the call could still be tapped with the phone company's assistance. I wonder why. Okay, so maybe I'm paranoid. But I don't think so. A healthy distrust of government, particularly of those functions that are not always open to public scrutiny, is essential to a free society. Or so the authors of the Constitution seemed to think, even if the average person wouldn't mind repealing the Bill of Rights to help fight the drug war. But let's assume that we've found some saints to populate the entire Executive branch, so we can safely pass a law requiring crypto key registration. Exactly how would it be enforced? Routinely scan all private telephone conversations looking for bit streams that cannot be easily decoded? What about certain rare natural languages - ban them too? (Recall that the US military used Navajo radio operators in the Pacific during WWII as "human crypto machines" against the Japanese). So much for the First Amendment. Suppose you find an undecodable conversation that you actually have good reason to believe conceals criminal activity. How would you compel the users to reveal the key, if indeed they used a protocol that could be compromised in this way? According to several lawyers I've asked, including a law professor at the University of Wisconsin who specializes in the Fifth Amendment, a memorized crypto key would clearly be considered "testimonial" evidence that could not be compelled without a grant of immunity. So what do we do -- repeal the Fifth Amendment too? It is absolutely obvious to me that any attempt to control the private use of cryptography could not help but impinge on some very basic Constitutional guarantees. And yet it probably still wouldn't have the desired effect. It's already a cliche, but it's still true: when cryptography is outlawed, only outlaws will use cryptography. (And no, I *don't* believe the same is true for guns.) Phil ------------------------------ End of PRIVACY Forum Digest 01.23 ************************