Newsletter

The Sixth Conference on Computers, Freedom, and Privacy


International Developments in Cryptography

By Daniel C. Stevenson

The Thursday morning CFP96 session on cryptography was the stage for an at-times heated debate about government control of cryptography. The session was introduced by Dorothy Denning of Georgetown University, who gave a rapid-fire overview of recent developments in international cryptographic standards and work by government and business organizations.

Denning then introduced the two panelists: Michael Nelson, one of the White House's chief information technology experts and architects of cryptographic control policy, and Nick Mansfield, who oversees electronic communications issues for the Shell oil companies.

Nelson was by far the most controversial panelist at CFP96 -- his introductory statements and answers to questions were frequently drowned out with shouts from hecklers, and even his name badge for the conference was not immune: it had been changed to read "Dr. Clipper", in reference to the much-maligned Clipper Chip proposal of several years ago.

Following Nelson's presentation on U.S. policy, Mansfield -- the man who has to "meet the rubber with the road" according to Denning -- gave his business perspective on the need for internationl cryptography standards.

The session concluded with about 20 minutes of questions, the bulk of which were directed at Nelson.

U.S. cryptopolicy overview

Nelson began his overview of U.S. government issues with a list of the three things he learned about public speaking: speak slowly and clearly, always know if the press is in the room, and don't speak when 95 percent of the audience disagrees with you, which met with scattered laughter and applause. Throught the opening statements and discussions, members of the audience clapped, shouted, booed, and hissed at various statements.

Declaring the Clipper Chip as "not a market success", Nelson said it had at least one benefit: it focused national attention on cryptographic control issues.

The administration's goal in developing a successor to Clipper has been "to provide users with global encryption solutions they can trust and to protect their privacy and copyright secrets," Nelson said, stressing the words "global" and "trust."

But there is a catch: "Good encryption that you and I can use for our privacy can be used by criminals and terrorists" to plot organized crime, bomb attacks, and other illegal activity without the fear of government detection, he said.

With the goal of good, global, trustworthy encryption tempered by the threat of crime and terrorism, the challenge, Nelson said, was "to find encryption solutions that do not unnecessarily hinder the ability of law enforcement and intelligence agencies to do their jobs."

The stakes of meeting this challenge are huge, Nelson said. The positive effects would be an immense boost to the commercial sector: whole new industries, increased global market share for software and hardware. But on the other hand, failing to meet the challenge would result in the loss of thousands of lives, nuclear proliferation, an increase in the drug trade, and a host of other criminal problems.

Nelson's claims throughout the discussion about these threats of unregulated cryptography were met with a healthy and vocal skepticism from many members of the audience.

The administration's current policy is to apply no controls on domestic use or import of encryption products, to make no change in existing strong privacy laws, to provide for the export of mass market encryption software with key length of up to 40 bits, and to consider the export of stronger products depending on strength, algorithm, and end user, Nelson said.

Government and business groups are now working on a successor to Clipper: a way to provide government key escrow that is acceptable to all sectors, or, Nelson said, at least makes all groups involved equally unhappy.

A big part of the debate is the maximum key length, Nelson said. Users want a long key, law enforcement was shorter keys, and when escrow is involved, many other considerations come to play in determining appropriate key length.

Given the current situation, Nelson proposed several questions to the audience; "What is holding back the adoption of cryptography today?"; "With key escrow, how do we determine who gets access to the keys?"; "How do we build a U.S. key escrow system acceptable to other countries?"; "How do we validate that it works?"; "How do you build the necessary infrastructure?"

Nelson forecast four possible outcomes of the cryptographic control debate. First, he saw "cryptochaos" -- varying rules and regulationss in different countries, with no hope of global sanity. Although this scenario met with applause from the audience, Nelson warned that it is the best scenario for law enforcement: in this situation, cryptography is not widely used and often not securely implemented.

Next, he saw "key escrow world" in which a government key escrow system was adopted. This would be the best scenario for industry and individual users, and would work well internationally, Nelson said.

The third possible scenario is a combination of the first two, Nelson said. Some key escrow solutions would exist, but there would not be any standardization or global compatibilities.

And finally, there could be a situation in which there were no controls on any cryptography. Despite the favorable audience reaction, Nelson reiterated that "you're not going to see that, not in this country, not in any country."

A business perspective

Mansfield spoke next, primarily about his experience and perspective on the use of encryption in real life big business. The Shell companies are a $17 billion conglomerate of 200 small and large companies, covering everything from oil rigs and tankers to refineries and gas stations. Mansfield estimated the number of people who use internal e-mail at Shell at well over 500,000.

"From my perspective as the one who has to meet the road with the rubber, it is a high cost" to the company to use proprietary cryptography solutions, Mansfield said. The Shell companies can meet their cryptography needs, but it is far from easy. Mansfield said his company has a strong need for an open, voluntary, and rapid consensus on international standards.

The Shell companies have a need for cryptography for many reasons, including thwarting economic espionage by various countries, corporate espionage by other companies, and dealing with complex information broking arrangements.

Mansfield acknowledged that the U.S. National Security Agency probably spies on his company in the legitimate national interest, but he said he is "neither affronted nor upset" by that fact -- it is a consequence of "life in the global village".

Businesses need a solution now, Mansfield said. The European Commission has been discussing solutions by the end of the century, but "we have to solve these problems today," he said. Meeting import and export regulations and navigating the maze of inconsistent, incompatible cryptographic controls is "a nightmare" that is only getting more complex.

Mansfield emphasized that he was against "black box" security, a stance which met with initial applause from the audience. "I say it for a different reason," he responded. First, he cannot sell a technology he knows nothing about to the business and the shareholders. Second, Shell's operating companies won't use something which is a black box. And finally, "we have to control our business -- we will escrow our keys," he said. "That is not because we're invading the privacy of our operating companies but simply because we would not be responsible for our business" if we couldn't monitor it, he said.

Mansfield concluded with an endorsement of the X.509 "cryptographic passport" proposal. The groups working on that idea "right now have a total disconnect between technical and policy -- there is no point in having policy if the technological infrastructure won't support it", and vice versa, but some progress is being made, he said.

Discussion

The discussion was almost exclusively focused on Nelson's presentation and U.S. government cryptography policy.

In response to the first question, Nelson emphasized that the administration is not in favor of outlawing non-escrowed cryptography in America. "I didn't talk about the Bill of Rights but we do think that's important," he said.

One questioner observed that of all of the wiretap requests by law enforcement agencies since 1988 have been approved. Given that record, he asked how Nelson could assure that personal privacy would be protected with a government key escrow system.

"The fact that those [wiretap requests] were approved means that the proper evidence was provided," Nelson said. The same limits will be placed on key escrow as have been in place for many years on wiretap procedures. Denning pointed out that today federal agencies have a rigorous internal evaluation process that all wiretap requests must pass before they can go to a judge.

To much applause, one audience member said that while Nelson said "people want cryptography and the government needs access" he got it backwards: "people need cryptography, and the government wants access."

In response to a question about the relevance of the Oklahoma City to the cryptography regulation debate, Nelson responded that he was not saying that key escrow would have prevented that attack. Small terrorist cells can do a great deal of damage and get away with it, he acknowledged.

"But if you have terrorist cells that can operate across international borders" then encrypted communications become an issue, he said.

The next questioner asked about the role of small business in the cryptography debate. Mansfield pointed out that the large corporations dominate the field at the top and individual users drive another large segment, but small business does not really have an established presence in the debate. Shell, for instance, will handle the cryptographic and electronic communication needs of its smaller partners, but that is not the ideal situation, he said.

"The horse is out of the barn," declared the next questioner, in reference to widely available strong cryptographic software such as PGP. Nelson and the government won't be able to stop the kind of cryptography that has already been "turned loose on the net," he said.

Nelson responded that most of the software available worldwide is defective and ineffective; while the horses may be out of the barn, "most of the horses are lame."

A questioner asked about the recent Leahey bill to reduce the export controls on strong cryptography. Nelson said that while the bill had some useful features, the administration would oppose it in its present form.

In response to a question about freedom fighters using cryptographic communications in their struggle to overthrow regimes that may not be wholly unfriendly to the United States, Nelson asked if using a U.S.-escrowed system would have hindered the fighters' cause in any way.

The final question dealt with the inevitability of the outlaw of private encryption. "How long do we have to find the silver bullet" of the perfect cryptography solution "before the FBI comes to you and says the body count is getting to high" and demands an immediate clamp down on private encryption, the questioner asked Nelson.

The FBI's patience is not the problem, Nelson said. Rather, he worries about a nightmare scenario: a crime is committed of the order of the Oklahoma City bombing or the World Trade Center bombing in which the government would have had the perpetrators under surveillance, but would have been unable to read their encrypted communications. Then, the demand for a clamp down would come from the American people, local law enforcement, and Congress.

Mansfield said it is not a question of if the "silver bullet" will avert the outlaw of cryptography, but when cryptography will be outlawed. "My belief is that encryption will be outlawd in some shape or form in the future -- if not in this country, somewhere else -- and it will spread," he said.


[ CFP96 Newsletter | CFP96 | CFP | general info ]

Comments and bug reports to Daniel C. Stevenson