BUILDING IN BIG BROTHER BUILDING IN BIG BROTHER The Cryptographic Policy Debate Edited by Lance J. HoHman Institute for Computer and Telecommunications Systems Policy and Department of Electrical Engineering and Computer Science School of Engineering and Applied Science The George Washington University Springer-Verlag New York Berlin Heidelberg London Paris Tokyo Hong Kong Barcelona Budapest Lance J. Hoffman Dept. of Electrical Engineering and Computer Science The George Washington University Washington, DC 20052 USA Cover illustration by John Plunkett with apologies to Antonio Prohias. (Spy vs. Spy characters are © E.C. Publications Inc. 1994 and are used with the kind pennission of MAD magazine.) This illustration first appeared on the cover of the June 1994 issue of WIRED magazine. © 1994 Wired Ventures Ltd. All rights reserved. Library of Congress Cataloging-in-Publication Data Building in big brother: the cryptographic policy debate / edited by Lance J. Hoffman. p. cm. Includes bibliographical references. ISBN 978-0-387-94441-8 1. Computer security. 2. Cryptography. I. Hoffman, Lance J. QA76.9.A25B85 1995 363.2'52--dc20 95-3758 Printed on acid-free paper. © 1995 Springer-Verlag New York, Inc. Reprint of the original edition 1995 All rights reserved. This work may not be translated or copied in whole or in part without the written pennission of the publisher (Springer-Verlag New York, Inc., 175 Fifth Avenue, New York, NY 10010, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any fonn of infonnation storage and re trieval, electronic adaptation, computer software, or by similar or dissimilar methodol ogy now known or hereafter developed is forbidden. The use of general descriptive names, trade names, trademarks, etc., in this publication, even if the fonner are not especially identified, is not to be taken as a sign that such names, as understood by the Trade Marks and Merchandise Marks Act, may accordingly be used freely by anyone. Production managed by Impressions, a division of Edwards Brothers, Inc. and supervised by Karen Phillips; manufacturing supervised by Jacqui Ashri. Typeset by Impressions, a division of Edwards Brothers, Inc. 9 8 7 6 5 432 1 ISBN-13: 978-0-387-94441-8 e-ISBN-13: 978-1-4612-2524-9 001: 10.1007/978-1-4612-2524-9 ISBN 978-0-387-94441-8 Springer-Verlag New York Berlin Heidelberg To Nina Preface The announcement of the Clipper chip by the U.S. Government in April 1993 set off a frenzy of discussions about cryptography policy in the technological community. The shock waves from it ultimately included front page treatment in The New York Times, repeated questions to the Vice President, creation of several new newsgroups on the Internet, and some very productive public discussions about striking the balance between national security, law enforcement, and civil liberties. We still don't have good answers for some of the questions that have been raised. As the Global Information Infrastructure is being built, we are writing portions of the Constitution for Cyberspace. I've been fortunate to have a front row seat and to share much of this with my students. The original reading and selection of materials was made by the first cohort of students* in The George Washington University Accel erated Master of Science Program in Telecommunications and Com puters at the Ashburn, Virginia campus. They worked many long hours-reading, debating, and selecting materials for this book. In addition, Bob Patton spent a great deal of time scanning and editing the material. Nestor Torres prepared the index. And Harish Nalinak shan provided an enormous amount of technical and administrative assistance and kept the project on track as new developments took place in the debate and new papers and legislation reflected these. As with most readings books, some of the selections cover similar material. We have tried to hold this duplication to an acceptable level. The original source of each article is noted with the article itself. In a few cases, previously unpublished material is making its debut in these pages. By bringing together the most significant policy and technological viewpoints in one place, we hope to move the debate along and to arrive at a rational cryptographic policy to support the developing Global In formation Infrastructure. Lance J. Hoffman Washington, D.C. November 1994 * Amjad (Jim) Arnous, Raleigh Baker, Cameron Craig Berry, Edward Paul Black, Christopher Bondi, Dan Byrne, John Morgan Day, Bruce Fleming, Raul Fumagali, Mi chael George, Lester Gregory, Lawrence Guidry, Michael Hassien, Leroy Jeter, Kim Law son-Jenkins, Ralph Leyrer, John McRae, Richard Mendelowitz, Husni (AI) Naja, Suparak Pathammavong, Everett Ray, Randall Root, Marie Wai Tai, Farley Warner, Jr., Jack Wiiki. vii Contents Preface vii Contributors xv Introduction 1 PART I Background 5 CHAPTER 1 Cryptography (from Julius Caesar through Public Key Cryptosystems): Methods to Keep Secrets Secret 7 1 Encryption 10 Deborah Russell and G. T. Gangemi, Sr. 2 Data Encryption Devices: Overview Technology Analysis 24 Rebecca J. Duncan, Datapro Information Services Group 3 Answers to Frequently Asked Questions about Today's Cryptography 33 RSA Laboratories 4 Cryptography in Public: A Brief History 41 Association for Computing Machinery, U.S. Public Policy Committee 5 Internet Privacy Enhanced Mail 51 Stephen T. Kent 6 Privacy in Today's Wireless Environment 76 Kim Lawson-Jenkins 7 Federal Information Processing Standards Publication 186 (1994 May 19): Specifications for the Digital Signature Standard (DSS) 84 U.S. Department of Commerce, Technology Administration, National Institute of Standards and Technology 8 Federal Information Processing Standards Publication 180 (1993 May 11): Specifications for the Secure Hash Standard (SHS) 87 U.S. Department of Commerce, Technology Administration, National Institute of Standards and Technology 9 Pretty Good Privacy: Public Key Encryption for the Masses 93 Philip Zimmermann ix x CONTENTS CHAPTER 2 Key Escrow Cryptosystems: Keeping Secrets Secret Except When. .. 109 1 The u.s. Key Escrow Encryption Technology 111 Dorothy E. Denning 2 SKIPJACK Review: Interim Report 119 Ernest F. Brickell, Dorothy E. Denning, Stephen T. Kent, David P. Maher, and Walter Tuchman 3 Protocol Failure in the Escrowed Encryption Standard 131 Matt Blaze 4 CAPSTONE Chip Technology 147 National Institute of Standards and Technology 5 Fair Cryptosystems 149 Silvio Micali 6 Software Key Escrow: A Better Solution for Law Enforcement's Needs? 174 Stephen T. Walker 7 A New Approach to Software Key Escrow Encryption 180 David M. Balenson, Carl M. Ellison, Steven B. Lipner, Stephen T. Walker 8 International Key Escrow Encryption: Proposed Objectives and Options 208 Dorothy E. Denning PART II Current Government Policy 227 CHAPTER 3 The U.S. Government Policy Solution: Key Escrow Cryptosystems, Policies, Procedures, and Legislation 229 1 Statement of the Press Secretary 232 The White House, Office of the Press Secretary 2 Statement of the Vice President 235 The White House, Office of the Vice President 3 Vice President's Letter to Representative Maria Cantwell 236 Albert Gore CONTENTS xi 4 Encryption-Export Control Reform 239 Martha Harris 5 Attorney General Makes Key Escrow Announcements 241 u.s. Department of Justice, Office of the Attorney General 6 Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III and FISA 243 u.s. Department of Justice 7 Encryption Standards and Procedures Act of 1994 247 Staff, Committee on Science, Space, and Technology, U.S. House of Representatives 8 Comments on Encryption Standards and Procedures Act 257 Electronic Privacy Information Center CHAPTER 4 The Policy Debate: How Controlled a Global Information Infrastructure do We Want, and Who Decides' 263 1 The Cypherpunks vs. Uncle Sam 266 Steven Levy 2 Testimony Before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology of the U.S. House of Representatives 284 Dorothy E. Denning 3 Wiretaps for a Wireless Age 292 David Gelernter 4 Don't Worry Be Happy 295 Stewart A. Baker 5 So, People, We Have a Fight on Our Hands 302 Bruce Sterling 6 Jackboots on the Infobahn 307 John Perry Barlow 7 'Secret' Agency Steps Over the Line 316 Washington Technology 8 A Closer Look on Wiretapping 318 New York Times Editorial xii CONTENTS PART III Aspects of Cryptographic Policy 321 CHAPTER 5 Law Enforcement: What Does It Cost to Commit a Perlect Crime? 323 1 Digital Telephony and Communications Privacy Improvement Act of 1994 325 103rd Congress, 2nd Session 2 Summary Statement before the Subcommittee on Technology and the Law of the Committee on the Judiciary, United States Senate and the Subcommittee on Civil and Constitutional Rights of the Committee on the Judiciary, House of Representatives 343 Louis J. Freeh 3 EFF Statement on and Analysis of Digital Telephony Act 354 Electronic Frontier Foundation 4 EPIC Statement on Wiretap Bill 362 Electronic Privacy Information Center 5 Benefits and Costs of Legislation to Ensure the Government's Continued Capability to Investigate Crime with the Implementation of New Telecommunications Technologies 364 Department of Justice 6 Digital Telephony-Cost-Benefit Analysis 385 Betsy Anderson, Todd Buchholz 7 Digital Telephony-Cost-Benefit Analysis 387 David McIntosh, James Gattuso 8 Digital Telephony-Cost-Benefit Analysis 389 Ron Levy CHAPTER 6 Civil Uberties: Safeguarding Privacy (and More) in a Digital, Tappa&/e Age 391 1 The Impact of a Secret Cryptographic Standard on Encryption, Privacy, Law Enforcement and Technology 393 Whitfield Diffie 2 Genie Is Out of the Bottle 400 William M. Bulkeley 3 DPSWG Letter to President Clinton on Clipper 406 Digital Privacy and Security Working Group CONTENTS Xlll 4 Cryptographic Issue Statements: Letter to the Computer System Security and Privacy Advisory Board 409 American Civil Liberties Union 5 The Constitutionality of Mandatory Key Escrow-A First Look 413 A. Michael Froomkin 6 Review and Analysis of U.S. Laws, Regulations, and Case Laws Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications 435 James Chandler, Diana Arrington, Lamarris Gill, and Donna Berkelhammer 7 On Blind Signatures and Perfect Crimes 449 Sebastiaan von Solms and David Naccache CHAPTER 7 Export Policy: Prudent Controls in a Risley World or Making the World Sale for Foreign Competition? 453 1 Encryption's International Labyrinth 456 David S. Bernstein 2 Federal Policy Impact on U.S. Corporate Vulnerability to Economic Espionage 460 Geoffrey W. Turner 3 Testimony Before the Committee on the Judiciary Subcommittee on Technology and the Law of the United States Senate 477 Stephen T. Walker 4 Technology and Software Controls 507 Larry E. Christensen 5 State Department Ruling on Cryptographic Export Media 535 United States Department of State 6 Constitutionality Under the First Amendment of ITAR Restrictions on Public Cryptography 537 John M. Harmon Afterword 549 List of Acronyms 553 Index 555