6.805/STS085: Readings on Encryption and National Security

• Required readings for this topic

• The Encryption Controversy, 1994-1997
  • 1994: The Digital Telephony Act (CALEA)
  • 1994: Clipper (The Escrowed Encryption Standard)
  • 1995-97: From Clipper to Key Recovery
• Constitutional issues
  • Legal Challenges to Encryption Export Regulations
  • Constitutionality of domestic controls on encryption
• Cryptoanarchy
• Technical background on Cryptography
• More information

• General course readings
• Course home page

Transmittal letter from FBI Director William S. Sessions to National Security Council official George J. Tenet, February 1993, forwarding a report prepared by FBI, NSA and DOJ and titled "Encryption: The Threat, Applications, and Potential Solutions". The report was classified SECRET and called for a national policy prohibiting cryptography that does not ensure real-time access to law enforcement. U.S. administrations continue to insist that they do not support domestic restrictions on encryption technology. The redacted document shown here was obtained in 1996 under the Freedom of Information Act by the Electronic Privacy Information Center.

We are at one of those important cusp points in history. The technologies of networks and of encryption make it very easy for exciting new structures to develop (cryptoanarchy, privacy, transnational entities, persistent organizations, anonymous systems, digital banks). But the same technologies make it possible for a cyberspatial police state to develop. The race is on. -- Tim May, "The Coming Police State," (March 1994)

There is a very real and critical danger that unrestrained public discussion of cryptologic matters will seriously damage the ability of this government to conduct signals intelligence and the ability of this government to carry out its mission of protecting national security information from hostile exploitation. -- Admiral Bobby Ray Inman (then Director of the NSA, 1979)

Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." --Vin McLellan, A thinking man's creed for crypto

Unless the issue of encryption is resolved soon, criminal conversations over the telephone and other communications devices will become indecipherable by law enforcement. This, as much as any issue, jeopardizes the public safety and national security of this country. Drug cartels, terrorists, and kidnappers will use telephones and other communications media with impunity knowing that their conversations are immune from our most valued investigative technique. --FBI Director Louis Freeh, Testimony before the House Judiciary Committee, March 30, 1995

Encryption technology, once the province only of affluent countries, had, with the advent of personal computers, become readily available to the humblest citizen in America and other technically advanced countries, and an unexpected spin-off of that fact was the current availability of highly advanced communications-security apparatus to the humblest nations. Now Malaysia had codes nearly as hard to break as Russia's -- and so did Iraq, courtesy of Americans who worried about having the FBI read their fictitious e-mail adulteries. -- Tom Clancy, Executive Orders, 1996

We propose to permit the export of 56-bit key length Data Encryption Standard (DES) encryption products, without key recovery, on the same terms as we now permit the export of 40-bit key length products. This relaxation would last two years, renewable annually thereafter. Export licenses would be contingent on exporters' commitment and adherence to explicit benchmarks and milestones for developing and incorporating key recovery into their products (including an identified trusted part) and building the supporting infrastructure internationally. Once key recovery is globally viable, only such products would be licensed for export. -- Memo from CIA Director John Deutch to President Clinton, September 15, 1996, describing the Administration's plan for "liberalizing" export restrictions on encryption technology.

There is one comforting conclusion which is easy for a real mathematician. Real mathematics has no effects on war. No one has yet discovered any warlike purpose to be served by the theory of numbers or relativity, and it seems very unlikely that anyone will do so for many years. -- G.H. Hardy A Mathematician's Apology, 1940

Required Readings

• Barlow, Jackboots on the Infobahn
• Overview and summary recommendations of the NRC Report, Cryptography's Role in Securing the Information Society
• A few of the articles from 1997 on the crypto debate.
• Greg Rawlins, Too many secrets

• Herbert N. Foerstel, Secret Science: Federal Control of American Science and Technology. This is a history of US Government control of scientific information. Chapters 4 (cryptography) and 5 (sensitive, but not classified information) are especially relevant, but the entire book is good reading and gives a valuable historical perspective. On reserve for the course.

• Karn v. U.S. Department of State [Discussion to be added.] See Karn's archive on the case. There is also an archive of legal documents maintained by the Electronic Frontier Foundation.
• Junger v. Daley [Discussion to be added.] Look here for information.

Bernstein v. U.S. Dept. of State, et. al.

On February 21, 1995, the Electronic Frontier Foundation filed suit against the government on behalf of Prof. Dan Bernstein of the University of Illinois. The basis for the suit was the State Department's denial of Bernstein's request for permission to publish a paper on an cryptographic algorithm he invented when he was a graduate student at Berkeley. The suit claims that this is an unconstitutional restriction of speech in that algorithms and source code are protected expression under the First Amendment.

In December 1996 the U.S. District Judge Marilyn Patel ruled in favor of Bernstein, in effect striking down the State Department export regulations. The decision was somewhat moot, however, because a few weeks later the government transferred regulation of crypto export controls from the Department of State to the Department of Commerce. EFF renewed the suit against Commerce, arguing that the jurisdictional transfer did not change the underlying issues.

In August 1997, Judge Patel once again ruled in favor of Bernstein:

"The court declares that the Export Administration Regulations . . . insofar as they apply to or require licensing for encryption and decryption software and related devices and technology, are in violation of the First Amendment on the grounds of prior restraint and are, therefore, unconstitutional as discussed above, and shall not be applied to plaintiff's publishing of such items, including scientific papers, algorithms or computer programs."

Here is a summary of the case provided by the Electronic Frontier Foundation. Complete documentation on the case can be found at Bernstein's web site for the case.

Constitutionality of domestic controls on encryption

• A. Michael Froomkin, "The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution", (Univ. Penn. Law Rev., vol. 709, 1995). This is a monumental (175 pages) analysis of the constitutional issues surrounding cryptography. The heart of the monograph is a discussion of whether mandatory key escrow would be constitutional. Froomkin emphasizes that the degree of constitutional protection accorded to encrypted communications will hinge on the metaphors that the courts adopt for viewing them: whether they are like languages, vaults, houses, or "cars on the information highway." There are also excellent overviews of modern cryptography and the Clipper proposal. Even though this is a long piece, it is well worth having a look at, both for its insightful and provocative legal analysis and because it collects in one place most of issues in the Clipper debate (through the end of 1994).

• In March 1996, the Sixth Conference on Computers, Freedom and Privacy, held at MIT, conducted a moot Supreme Court hearing on the question of whether prohibiting domestic use of unescrowed encryption would be Constitutional. The material prepared for the session includes briefs and memoranda on both sides of the issue, together with oral arguments conducted before a panel of Federal judges (and available on the web in RealAudio format). Even though this was a pretend trial, not a real one, the lawyers (and the judges) are real, and this is a thorough exploration of the legal arguments, as well as a good preview of what could happen if domestic controls were enacted.

In 1994, Tim May, one of the founders of the list and a major contributor, published a large compendium of cypherpunk material called the Cyphernomicon -- WARNING: it is long (1.3Mbytes!). Before attempting to download it, read the README file that explains the format. It would be a good idea to first look over the table of contents so you can find your way around the long document. Also, before looking at the whole thing, you should read the following pieces by May:

• "The Crypto Anarchist Manifesto"
• "The Coming Police State"
• "Cyberspace, Crypto Anarchy, and Pushing Limits"
• "Crypto Anarchy and Virtual Communities"

• Christopher Anvil, "Gadget vs. Trend." This isn't about encryption at all. Rather, it is a whimsical science fiction story originally published in Analog in 1962, which was prophetic of some of the "cryptoanarchy" issues that are coming to the front with the emergence of secure encryption. Ironically, Anvil's predicted date for the release of the imaginary "Quiet Wall" invention (1976) coincided with the invention of public-key cryptography. (Copies will be distributed in class.)

• Phil Zimmermann, Why Do You Need PGP?. This is the introduction to volume 1 of the PGP User's Guide, describing the need for private communications. Although not a cryptoanarchist, Phil Zimmermann became one of the first and most famous cryto-activists, through his publication of Pretty Good Privacy (PGP), whose creation was sparked in 1991 by an early predecessor of the Clipper initiative. PGP, which, is distributed for free by MIT (see the MIT PGP page) has become an extremely popular program for E-mail encryption.

• Introduction to Blacknet. This was a hoax perpetrated by Tim May in 1993. (But the truly paranoid on the Net are of course not convinced, and at least one FBI agent was asking about it at MIT.) As an amusing aside, the Blacknet public key was broken in June, 1995 as a demonstration of modern factoring techniques.

• Nicolas Wade, "Method and Madness: Little Brother", from The New York Times Magazine, September 4, 1994. This is a thoughtful piece on the tradeoffs between security and privacy, and the implications of "democratization of high technology."

• Josh McHugh, Politics for the really cool, Forbes Magazine, September 8, 1997. This article emphasizes the implications of strong cryptography for tax collection and financial transactions. What else would you expect from Forbes?

• Network and Computer Security MIT's popular undergrduate subject 6.857, which includes a lot of material on encrytion. The notes are from the 2003 offering.

• The Cryptography FAQ. This is another comprehensive information source.

• Bruce Schneier, Applied Cryptography. John Wiley & Sons, 2nd rev. ed., 1995. This is an outstanding book on the basics of modern cryptography and its applications.

• The Venona Project. This is a fascinating site to look at if you are interested in cryptography. Venona was the code name for the U.S. Signals Intelligence effort begun in 1943 to collect and decrypt the text of Soviet KGB and GRU messages, messages that provided extraordinary insight into Soviet attempts to infiltrate the U.S. Government. The NSA has declassified thousands of these documents and made them available at their web site, together with information about their decryption.

Counterpane Systems' WWW Cryptography Article Database

Last modified: May 20 2021, 8:14 AM