|Transmittal letter from FBI Director William S. Sessions to National Security Council official George J. Tenet, February 1993, forwarding a report prepared by FBI, NSA and DOJ and titled "Encryption: The Threat, Applications, and Potential Solutions". The report was classified SECRET and called for a national policy prohibiting cryptography that does not ensure real-time access to law enforcement. U.S. administrations continue to insist that they do not support domestic restrictions on encryption technology. The redacted document shown here was obtained in 1996 under the Freedom of Information Act by the Electronic Privacy Information Center.|
We are at one of those important cusp points in history. The technologies
of networks and of encryption make it very easy for exciting new structures
to develop (cryptoanarchy, privacy, transnational entities, persistent
organizations, anonymous systems, digital banks). But the same technologies
make it possible for a cyberspatial police state to develop. The race is
-- Tim May, "The Coming Police State," (March 1994)
There is a very real and critical danger that
unrestrained public discussion of cryptologic matters will seriously
damage the ability of this government to conduct signals intelligence
and the ability of this government to carry out its mission of
protecting national security information from hostile
-- Admiral Bobby Ray Inman (then Director of the NSA, 1979)
Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others
who deem only themselves worthy of such Privilege."
--Vin McLellan, A thinking man's creed for crypto
issue of encryption is resolved soon, criminal conversations over the telephone
and other communications devices will become indecipherable by law enforcement.
This, as much as any issue, jeopardizes the public safety and national security
of this country. Drug cartels, terrorists, and kidnappers will use telephones
and other communications media with impunity knowing that their conversations
are immune from our most valued investigative technique.
--FBI Director Louis Freeh, Testimony before the House Judiciary Committee, March 30, 1995
Encryption technology, once the province only of affluent
countries, had, with the advent of personal computers, become readily
available to the humblest citizen in America and other technically
advanced countries, and an unexpected spin-off of that fact was the
current availability of highly advanced communications-security
apparatus to the humblest nations. Now Malaysia had codes nearly as
hard to break as Russia's -- and so did Iraq, courtesy of Americans
who worried about having the FBI read their fictitious e-mail
-- Tom Clancy, Executive Orders, 1996
We propose to permit the export of 56-bit key length Data Encryption
Standard (DES) encryption products, without key recovery, on the same
terms as we now permit the export of 40-bit key length products. This
relaxation would last two years, renewable annually thereafter. Export
licenses would be contingent on exporters' commitment and adherence to
explicit benchmarks and milestones for developing and incorporating
key recovery into their products (including an identified trusted
part) and building the supporting infrastructure internationally. Once
key recovery is globally viable, only such products would be licensed
-- Memo from CIA Director John Deutch to President Clinton, September 15, 1996, describing the Administration's plan for "liberalizing" export restrictions on encryption technology.
There is one comforting conclusion which is easy for
a real mathematician. Real mathematics has no effects on war. No one
has yet discovered any warlike purpose to be served by the theory of
numbers or relativity, and it seems very unlikely that anyone will do
so for many years.
-- G.H. Hardy A Mathematician's Apology, 1940
Bernstein v. U.S. Dept. of State, et. al.
On February 21, 1995, the Electronic Frontier Foundation filed suit against the government on behalf of Prof. Dan Bernstein of the University of Illinois. The basis for the suit was the State Department's denial of Bernstein's request for permission to publish a paper on an cryptographic algorithm he invented when he was a graduate student at Berkeley. The suit claims that this is an unconstitutional restriction of speech in that algorithms and source code are protected expression under the First Amendment.
In December 1996 the U.S. District Judge Marilyn Patel ruled in favor of Bernstein, in effect striking down the State Department export regulations. The decision was somewhat moot, however, because a few weeks later the government transferred regulation of crypto export controls from the Department of State to the Department of Commerce. EFF renewed the suit against Commerce, arguing that the jurisdictional transfer did not change the underlying issues.
In August 1997, Judge Patel once again ruled in favor of Bernstein:
"The court declares that the Export Administration Regulations . . . insofar as they apply to or require licensing for encryption and decryption software and related devices and technology, are in violation of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional as discussed above, and shall not be applied to plaintiff's publishing of such items, including scientific papers, algorithms or computer programs."Although this decision technically strikes down the export control laws, the government filed an emergency request, and Patel agreed to stay her order until the Appeals Court could rule on her decision. The case was heard by the 9th Circuit Court of Appeals in San Francisco in December, 1997. In May 1999, the Court ruled 2-1, upholding Judge Patel's decision. In June 1999, the Government petitioned for a rehearing, and that petition is still being considered (as of August 1999).
Here is a
of the case provided by the Electronic Frontier Foundation.
Complete documentation on the case can be found at
Bernstein's web site for the case.
For several years, this discussion was carried out on the Cypherpunks
mailing list, which served as a major forum for discussion of
cryptography and privacy. The list still exits, but it has
degenerated over the past year due to a deluge of spam (and the
resulting flames about whether cypherpunks ought to restrict spam).
In 1994, Tim May, one of the founders of the list and a major
contributor, published a large compendium of
material called the
Cyphernomicon -- WARNING: it is long (1.3Mbytes!). Before
attempting to download it, read the README file that explains
the format. It would be a good idea to first look over the table of
contents so you can find your way around the long document.
Also, before looking at the whole thing, you should read the following
pieces by May:
Constitutionality of domestic controls on encryption
Several countries, including France, Israel, and Russia, impose
control on the domestic use of encryption by their citizens. Would
such controls be Constitutional in the U.S.? The answer is apparently
not clear. Here are some resources on this question:
It's not only the FBI that views the spread of strong cryptography as
a threat to government authority. Since around 1992, an informal
group of techno-libertarians, who have become known as
the Cypherpunks, have been theorizing about how the ability to
keep communications private can lead to cryptoanarchy. Given
their libertarian bent, they tend to view this as a healthy counter to the
increased power of government and the growth of the surveillance
Technical background on Cryptography
We won't deal much with the technical aspects of cryptography -- there
are other MIT subjects that cover this. But if you're
curious, there are lots of good sources of information.
Bert-Jaap Koops, Crypto Law
Survey. An extensive survey of current and proposed cryptography
For several years, this discussion was carried out on the Cypherpunks mailing list, which served as a major forum for discussion of cryptography and privacy. The list still exits, but it has degenerated over the past year due to a deluge of spam (and the resulting flames about whether cypherpunks ought to restrict spam).
In 1994, Tim May, one of the founders of the list and a major contributor, published a large compendium of cypherpunk material called the Cyphernomicon -- WARNING: it is long (1.3Mbytes!). Before attempting to download it, read the README file that explains the format. It would be a good idea to first look over the table of contents so you can find your way around the long document. Also, before looking at the whole thing, you should read the following pieces by May:
Counterpane Systems' WWW Cryptography Article Database
Last modified: September 15 2018, 3:45 PM