Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

Google
 
Web cryptome jya.com eyeball-series.org cryptome.cn

16 November 1997
Source: Hardcopy of The Electronic Privacy Papers, 747 pp. $60

For discounted online purchase: http://www.counterpane.com/privacy.html 

To: Cypherpunks@cyberpass.net
Subject: mini-review: The Electronic Privacy Papers
Date: Sun, 16 Nov 1997 10:49:52 -0500
From: David HM Spector <spector@zeitgeist.com>


This has got to be the "Book of the Year"...If you only read one book
before the end of the year, or even one book ALL of next year, this is
the book you MUST read:

		    The Electronic Privacy Papers
		  by Bruce Schneier and David Banisar
	  Wiley Computer Publishing/John Wiley & Sons, Inc.
			 ISBN: 0-471-12297-1

I just got it this morning, and cruised though the first chapters (I'm
a fast reader...) and its positively explosive.

The book consists of information gleaned from public sources and pried
out of the Government via the Freedom of Information Act (FOIA) and
logically takes the reader through a chronological history of
government surveillance and public reactions to it.

Schneier and Banisar examine the arguments for and against state
surveillance and how these policies are formulated and how (from my
reading so far) they are often implemented with little or no public
discussion or input by agencies that seem to deeply distrust and
dislike the lawmaking process and constitutional protections that are
supposed to protect Americans from overzealous agents and Government
abuse.

Positively riveting....

For you Amazon.com junkies, here's the URL:

   http://www.amazon.com/exec/obidos/ats-query/9615-8912043-502933

-------------------------------------------------------------------------------
David HM Spector                                          spector@zeitgeist.com
	         Network Design & Infrastructure Security

The Electronic Privacy Papers

Documents on the Battle for Privacy in the Age of Surveillance

Bruce Schneier
David Banisar

WILEY COMPUTER PUBLISHING
JOHN WILEY & SONS, INC.
New York • Chichester • Weinheim • Brisbane • Singapore • Toronto

Copyright © 1997 by John Wiley & Sons, Inc.

ISBN 0-471-12297-1

Contents

Foreword

--Hon. John Anderson

Preface


PART I   PRIVACY AND THE INFORMATION SNOOPERHIGHWAY

Chapter 1  Roadblocks on the Information Superhighway

The Information Snooperhighway

The Future of Privacy


PART II   WIRETAPPING

Chapter 2  Overview of Wiretapping

2.1 Report on Applications for Orders Authorizing or Approving the Interception of Wire, Oral, or Electronic Communications (Wiretap Report)
--Statistics Division, Administrative Office of the US. Courts - May 1995

2.2 Can Wiretaps Remain Cost Effective?

--Robin Hanson - December 1994, Communications of the ACM

2.3 Public Attitudes Toward Wiretapping, U.S. Department of Justice

--Sourcebook of Criminal Justice Statistics, 1992, Table 2. 52 - 1993

2.4 Olmstead v. US, Dissent

--Justice Louis Brandeis & Justice Holmes - June 4, 1928


PART III   LOBBYING FOR SURVEILLANCE:
THE DIGITAL TELEPHONY PROPOSAL

Chapter 3  Government Pronouncements: The Digital Telephony Proposal

3.1 H. Rept. 103-827, Conference Report on H.R. 4922 (excerpts)
--House Judiciary Committee - October 4,1994

3.2 Communications Assistance for Law Enforcement Act of 1994

--Public Law 103-414 - October 25, 1994

3.3 Law Enforcement Requirements for the Surveillance of Electronic Communications

--Federal Bureau of Investigation - June 1994

3.4 Speech before the American Law Institute (FBI Director Louis J. Freeh)

--FBI Director William Freeh - May 19, 1994


Chapter 4  Behind the Curtain: Operation Root Canal

4.1 An Overview: Pre-Wiretapping Telephones: Operation Root Canal
--David Banisar - July 1996

4.2 Legislative Strategy for Digital Telephony

--Brent Scowcroft - January 17, 1992

4.3 Memorandum for the President

--Brent Scowcroft - December 29, 1991

4.4 Technological, Competitiveness, and Policy Concerns

--National Telecommunications and Information Agency, U.5. Department of Commerce - February 6, 1992

4.5 Teletype "Digital Telephony"--Request for Briefing by the Special Agents in Charge

--FBI Director William Sessions - March 23, 1992

4.6 Digital Telephony Industry Meeting Information Memorandum

--FBI Director William Sessions - April 10, 1992

4.7 Justice Revised Proposed Draft on Justice Draft Bill Digital Telephony

--Lonnie P. Taylor, General Services Administration - May 7, 1992

4.8 Department of Justice Responses to GSA Comments on Digital Telephony Legislation

--US. Department of Justice

4.9 Benefits and Costs of Legislation to Ensure the Government's Continued Capability to Investigate Crime with the Implementation of New Telecommunications Technologies

--Federal Bureau of Investigation - 1992

4.10 Digital Telephony--Cost-Benefit Analysis

--Betsy Anderson and Todd Buchholz, The White House - May 22, 1992

4.11 Digital Telephony

--David McIntosh and James Gattuso, Office of the Vice President - May 22, 1994

4.12 Department of Justice's Cost Analysis, Digital Telephony, D-867

--Ron Levy, Treasury - May 26, 1992

4.13 Digital Telephony Information Memorandum (7/17/92)

--FBI Director William Sessions - May 26, 1992

4 .1 4 Airtel, Digital Telephony Legislative Initiative

--FBI Director William Sessions - July 17, 1992

4.15 Survey of Problems Encountered in Conducting Authorized Electronic Surveillance as Reported by FBI Field Offices

--FBI - June 30, 1994

4.16 Letter to Peter Cassidy on NSA Role in Digital Telephony Proposal

--Louise A. Baer, National Security Agency - November 30, 1994


Chapter 5  Digital Telephony: The Public Response

5.1 Keep Snoops Off-Line
--Editorial - USA Today - March 7, 1994

5.2 A Closer Look on Wiretapping

--Editorial - The New York Times - June 12,1994

5.3 Statement of AT&T Corporation Before the House Committee on Civil and Constitutional Rights and Senate Subcommittee on Technology and the Law

--AT&T Corporation - August 11, 1994

5.4 Testimony before the Subcommittee on Telecommunications and Finance Committee, U.S. House of Representatives

--Roy Neel, US. Telephone Association - September 13, 1994

5 . 5 Letter to Congressman Jack Brooks

--American Civil Liberties Union - September 22,1994

5.6 Letter to Senator Malcolm Wallop

--Marc Rotenberg and David Sobel, Electronic Privacy Information Center - October 6, 1994


PART IV   CRYPTOGRAPHY

Chapter 6  Cryptography: The Cure for the Common Bug

6.1 Cryptography Primer
--Bruce Schneier - 1995

6.2 Who Owns Cryptography?

--Carl M. Ellison - September 7, 1994

6.3 E-Mail Security

--Bruce Schneier - Dr. Dobb's Information Highway Sourcebook - Winter 1994

6.4 A Cypherpunk's Manifesto

--Eric Hughes - March 9, 1993


PART V   THE BATTLE FOR CONTROL OF CRYPTOGRAPHY

Chapter 7 The Field of Battle: An Overview

Overview

Who Will Watch the Watchers?

The Early Days

The Data Encryption Standard

Classification and Secrecy: Executive Orders, Directives, and Policies

Congress Steps In: The Computer Security Act of 1987

The Digital Signal Standard

The Clipper Chip and Key Escrow

Clipper with a Happy Face: Commercial Key Escrow

Export Controls

Conclusion

Notes


Chapter 8   Early Skirmishes

8.1 Executive Order
--President Harry S. Truman - October 24, 1952

8.2 The NSA Perspective on Telecommunications Protection in the Nongovernmental Sector

--Admiral Bobby Inman - 1979

8.3 National Security Decision Directive (NSDD) 145

--National Security Council - September 17, 1984

8.4 National Policy on Protection of Sensitive, but Unclassified Information in Federal Government Telecommunications and Automated Information Systems, National Telecommunications and Information Systems Security Policy (NTISSP 2)

--Admiral John Poindexter - October 29, 1986

8.5 House Committee on Science, Space and Technology Report on the Computer Security Act of 1987 (H.R. 145)

--U.S. Congress - June 11, 1987 (excerpts)

8.6 Memorandum (NSDD-145 and the Computer Security Act)

--Dr. Clinton Brooks - April 28, 1992

8.7 Memorandum of Understanding between the Director of the National Institute 401 of Standards and Technology and the Director of the National Security Agency Concerning the Implementation of Public Law 100-235

--Raymond G. Kammer (NIST) and W O. Studeman (NSA) - March 23, 1989

8.8 S-266, Omnibus Crime Bill of 1991, § 2201, Cooperation of Telecommunications Providers with Law Enforcement

--U.S. Congress - 1991

8.9 Congressional Record 137 Cong. Rec. S1159-03 (Floor Statement on S-266)

--Senator Joseph Biden - 1991


Chapter 9  The Clipper Chip Proposal

9.1 Statement by the Press Secretary
--The White House - April 16, 1993

9.2 Questions and Answers About the Clinton Administration's Telecommunications Initiative

--The White House - April 16, 1993

9.3 Announcement of Clipper Adoption, Statement of the Press Secretary

--The White House - February 4, 1994

9.4 Fact Sheet: Public Encryption Management

--The White House - February 4, 1994

9.5 Working Group on Data Security

--The White House - February 4, 1994

9.6 Questions and Answers about the Clinton Administration's Encryption Policy

--The White House - February 4, 1994

9.7 Attorney General Makes Key Escrow Encryption Announcements

--U.S. Department of Justice - February 4, 1994

9.8 Authorization Procedures for Release of Encryption Key Components in Conjunction with Intercepts Pursuant to Title III

--U.S. Department of Justice - February 4, 1994

9.9 Approval of Federal Information Processing Standards Publication 185, Escrowed Encryption Standard (EES)

--U S. Department of Commerce and National Institute of Standards and Technology - February 9, 1994 (excerpts)

9.10 Clipper Chip Technology

--National Institute of Standards and Technology - April 1993

9.11 Capstone Chip Technology

--National Institute of Standards and Technology -April 1993

9.12 Testimony Before the House Science, Space and Technology Committee's Technology, Environment, and Aviation Subcommittee

--Dr. Clinton Brooks, Assistant-Director, NSA - May 3, 1994


Chapter 10  Unclassified: The Story behind Clipper

10.1 Presidential Decision Directive 5, Public Encryption Management
--William J. Clinton, The White House - April 15, 1993

10.2 Presidential Review Directive 27, Advanced Telecommunications and Encryption

--William J. Clinton - April 16, 1993

10.3 TWG Issue Number I

--National Institute of Standards and Technology May 5, 1989

10.4 Memorandum for the Record re: First Meeting of the NIST/NSA Technical Working Group (TWG)

--Lynn McNulty - May 8, 1989

10.5 NIST Public Key Issues Outline

--National Security Agency - May 1989

10.6 Status Report on TWG Issue Number I

--Lynn McNulty, NIST, and Anonymous, NSA - May 19, 1989

10.7 Technical Support to NIST

--National Security Agency - October 19, 1990

10.8 Memorandum for the Record, NSA-NIST Technical Working Group (TWG) Meeting 11 April 1991

--National Security Agency -April 24,1991

10.9 Letter to Attorney General Barr

--Vice-Admiral J. M. McConnell, NSA - October 28, 1992

10.10 Memorandum for Leon Fuerth re: Encryption

--George J. Tenet, NSC - January 26, 1993

10.11 Memorandum for Leon Fuerth re: Encryption

--George J. Tenet, NSC - February 9, 1993

10.12 Memorandum for Leon Fuerth and William Wise re: Help

--George J. Tenet, NSC - March 5, 1993

10.13 Memorandum re: Meeting on Encryption Policy

--Vice President Albert Gore, Jr. - March 30, 1993

10.14 Memorandum re: Package #20321 20322

--George J. Tenet, NSC -April 12, 1993.


Chapter 11 Clipping the Clipper: Public Response to Desktop Surveillance

11.1 Sink the Clipper Chip
--William Safire - The New York Times - February 14, 1994

11.2 Key Escrow: Its Impact and Alternatives,Testimony Before the Senate Judiciary Subcommittee on Technology and Law

--Dr. Whitfield Diffie, Sun Microsystems - May 3, 1994

11.3 Statement of the Computer and Business Equipment Manufacturers Association (CBEMA)

--Computer and Business Equipment Manufacturers Association (CBEMA) - May 27, 1993

11.4 Statement on Encryption Technology and Policy Before the Subcommittee on Telecommunications and Finance, U.S. House of Representatives

--Marc Rotenberg, CPSR - June 9, 1993

11.5 Statement Before NIST Computer System Security and Privacy Advisory Board Hearing

--American Civil Liberties Union - May 28, 1993

11.6 Proposed FIPS for Escrowed Encryption Standard (CPSR Comments to NIST)

--CPSR Washington Office - September 27, 1993

11.7 Letter to President Clinton on Clipper

--Computer Professionals for Social Responsibility, Washington Office - December 8, 1993

11.8 Experts Letter to President Clinton on Clipper

--Various Authors - January 24, 1994

11.9 Position Statement on Encryption Policy

--The Institute of Electrical and Electronics Engineers United States Activities Board - January 1994

11.10 USACM Position on the Escrowed Encryption Standard

--Association for Computing, U.S. Public Policy Committee - 1994


PART VI   PUTTING THE GENIE BACK IN THE BOTTLE: EXPORT CONTROLS ON CRYPTOGRAPHY

Chapter 12 Atom Bombs, Fighter Planes, Machine Guns, and Cryptography: Export Controls

12.1 Electronic Speech--for Domestic Use Only
--Bruce Schneier - Network World - January 15, 1995

12.2 My Life as an International Arms Courier

--Matt Blaze, AT&T - January 1995

12.3 Testimony Before the Committee on the Judiciary, Subcommittee on Technology and the Law, United States Senate

--Stephen Walker, TIS - May 3, 1994 (excerpts)

12.4 Report on Foreign Legal and Regulatory Controls on Imports and Use of Data Encryption Systems

--DCI Counterintelligence Center - February 3, 1993

12 . 5 CIA Memorandum: Selected Foreign Trends in Telecommunications Technology

--Central Intelligence Agency -1993 (excerpt)

12.6 Identification and Analysis of Foreign Laws and Regulations Pertaining to the Use of Commercial Encryption Products for Voice and Data Communications

--National Institute of Standards and Technology - January, 1994

12.7 Advanced Telecommunications and Encryption (Memoranda, PRD/NSC 27)

--Office of the Assistant Secretary of Defense - April 20, 1993

12.8 A Study of the International Market for Computer Software with Encryption

--Commerce Department & NSA - July 1995


Chapter 13  Untying the Gordian Knot: Efforts to Relax Export Controls

13.1 Letter to President Clinton on Export Controls
--U.S. Congress, House of Representatives Committee on Foreign Affairs - September 30,1993

13.2 S. 1726 Promotion of Commerce On-Line in the Digital Era (Pro-CODE) Act

--Senator Conrad Burns - March 5, 1996

13.3 Testimony before the Senate Committee on Commerce, Science and Transportation on S. 1726

--Jim Barksdale, Netscape Communications - June 12, 1996

13.4 Report on H.R. 3627 Omnibus Export Administration Act of 1994

--House Intelligence Committee - June 16, 1994 (excerpts)


PART VII   BIG BROTHER AS THE KEEPER OF THE KEYS: WILL THE GOVERNMENT TAKE OVER CRYPTO?

Chapter 14 Banning Cryptography

14.1 Options to Address Encryption Effects on Law Enforcement [censored]
--National Security Agency - Undated (1993)

14.2 Jacking in from the Narco-Terrorist Encryption Port

--Brock Meeks - Cyberwire Dispatch - May 1995

14.3 S. 974 Anti-Electronic Racketeering Act of 1995

--Senator Charles Grassley

14.4 Floor Statement on the Anti-Electronic Racketeering Act of 1995

--Senator Charles Grassley

14.5 EPIC Analysis of Encryption Provisions of S. 974

--David Sobel, Electronic Privacy Information Center - July 19, 1995


Chapter 15  Software Key Escrow

15.1 Letter to Rep. Maria Cantwell
--Vice President Al Gore - July 20, 1994

15.2 Commercial Key Escrow

--Steven Walker et al., Trusted Information Systems - January 3, 1995

15.3 Administration Statement on Commercial Encryption Policy

--White House - July 12, 1996

15.4 Comments on Draft Export Criteria for Key Escrow Encryption

--David Sobel, Electronic Privacy Information Center - December 5, 1995


Epilog

--Bruce Schneier


Bibliography of Books and Articles on Wiretapping and Cryptography

Foreword

The authors of The Electronic Privacy Papers have written an important book at the right time on a subject that will only continue to grow in importance. It examines the important question of what the proper and constitutional role of government should be in the monitoring and surveillance of the enormous volume of traffic that will be flowing along the national information infrastructure or the information superhighway.

Should, through wiretapping and other sophisticated electronic means, government enlarge its capacity to listen in and look over the shoulder of the American people? On one side is arrayed such powerful agencies of government as the supersecret National Security Agency and such highly visible crime fighters as the current head of the FBI Louis Freeh. It is he who proclaims that electronic surveillance is one of the most important and effective, indeed sometimes the only way to deal with the nation's serious crime problem. In the ranks of the opposition are countless concerned Americans who foresee the very real possibility that their rights of personal privacy are threatened. If government is granted the ability that it seeks to expand its efforts in the name of everything from terrorism to international counterfeiting to drug running, what price will we pay? Wiretapping is supposed to be the weapon of last resort, not simply the weapon of choice. Will it, however, inevitably become an instrumentality that is used routinely and with far less discrimination once the already intrusive powers of government are amplified and greatly increased, as could result from some current proposals?

It is a strange anomaly that efforts to replace the Data Encryption Standard that ensued after 1989 have included such proposals as the hotly debatable and highly controversial Clipper Chip, which would be based on a classified algorithm. It would also be implemented only in newly designed hardware. It was in 1989 with the fall of the infamous wall in Berlin that the cold war began to slide into history. In just two years the implosion of the USSR was the confirming fact. It seemed logical to assume that this dramatic series of events heralded the advent of an era when there would be far less need for heavy-handed government efforts to monitor the communications of its citizens in the name of protecting national security. The world looked forward to the free and untrammeled transmission of electronic and digitized information along a national information infrastructure still in the first stages of construction. All of this could be accomplished in an environment of greater freedom without any basic compromise of national security because an exciting new age had dawned.

Dramatic evidence that these sentiments were shared by Americans of all political persuasions and beliefs came in the manifestations of overwhelming opposition to the Clipper Chip: An electronic petition bearing almost 50,000 names and recognized national polls reflecting a huge preponderance of opinion in discourse on that fundamental human right. One of our most distinguished jurists, Justice Louis D. Brandeis, defined the right of privacy as simply the right of a citizen when arrayed against the awesome power of government to be let alone.

The authors of The Electronic Privacy Papers have made a powerful case for a need to critically examine not only Clipper Chip and the Digital Telephony Plan but other proposals that may be coming with onrushing speed that would dim the lamp of freedom. In the area of federal wiretapping, the growth of ever new and expanded communications networks has exposed a particular vulnerability. The ease of government snooping in areas where it has absolutely no business has increased exponentially. The real need of the moment is to set new legal standards that would place limits on the unwarranted curiosity of officials which leads to improper surveillance over individuals and subject matter. The information age must not become a precursor to an age of inquisition.We need not conclude a Faustian bargain in the name of dealing with problems of both domestic and international law enforcement that would leave us constitutionally compromised in the ever continuing struggle for human freedom.

Hon. John Anderson

Preface

In 1928, U.S. Supreme Court Justice Louis D. Brandeis wrote: "Sunshine is the best disinfectant." He was referring to the problem that arises when government decision making is made in the dark. This book attempts to bring some of that light into the back rooms where crucial decisions on the future of privacy in t}'le information age are made with little or no public knowledge or input. The men and women in these rooms have determined that their needs for surveillance are more important than the privacy and civil liberty rights of the rest of the country.

Using the Freedom of Information Act (FOIA) leaked governments documents and public statements, we shine a spotlight on the actions of secret government agencies, at least for a peek.

This book grows out of the work of the Washington, D.C. office of Computer Professionals for Social Responsibility and more recently the Electronic Privacy Information Center. All but a few of the FOIA documents were obtained by that office. Without their assistance, this could not have been done. The work of Marc Rotenberg and David Sobel have been invaluable.

David and Bruce would like to thank our family and friends, especially David's wife Vicki and Bruce's wife Karen for all their help, Simon Davies, David Burnham, and Wayne Madsen for their advice and guidance, and the hundreds of other people who helped out in ways large and small.

PART ONE  

PRIVACY AND THE INFORMATION SNOOPERHIGHWAY

[Pages 3-5]

CHAPTER 1

Roadblocks on the Information Superhighway

The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding

Justice Louis D. Brandeis

THE INFORMATION SNOOPERHIGHWAY

Over the past several decades, the communications system in the United States has undergone a fundamental evolution, from an analog system using mechanical switches and copper wires to a computer-operated, digital system incorporating glass fibers, microwaves, satellites, and many other technologies to transmit voice, video, and data in digital form at high speeds. The differences between information sent over telephones, cable television, microwaves, satellites, and broadcast radio are blurring: People send electronic mail over cellular telephones, Internet and FM radio is available on some cable networks, video and audio conferencing is a part of some computer networks. As all communications become digital and available bandwidth grows, it won't matter whether people are connected via wire, fiber, or radio, it won't matter whether people are sending and receiving written words, voice, or video. Everyone will be connected by a single data network: the information superhighway.

THE FUTURE OF PRIVACY

Privacy is under siege. As we move toward this universally internetworked world, a massive amount of information about individuals--love letters, medical records, financial information, reading habits, spending patterns, personal preferences--is being collected and transferred over computer networks. These networks are not secure. Digital communications can be easily intercepted and manipulated by people, groups, companies, or national governments who are intent on committing fraud, espionage, or malicious acts.

It is time to bring the social constructs of privacy, long held in the world of face-to-face communication, to the world of electronic communication. Perhaps the largest question to be answered is who should determine the level of privacy and information security that citizens and corporations will have in the information age? Should the key decisions be made by the federal intelligence agencies in charge of electronic surveillance and their law enforcement partners? Should they be made by civilian agencies such as the White House and the Department of Commerce, who theoretically consider input from the public? Or should the government remove itself from the decision making all together, leaving it up to the free market? The answer to these questions will have a substantial effect on how we will work and live in the twenty-first century, how our civil liberties are protected, and the level of accountability we exercise over the government in a democratic society.

A technical solution to many of these problems is itself as old as written communication. Strong security and privacy can be provided by using a modern version of the 4000-year-old technique of cryptography. Cryptography is the scrambling of information into an unreadable language that only the intended recipient can understand. It has been used by individuals and governments to protect their communications since writing was invented. Today, cryptography is the primary technique to protect confidential communications from eavesdropping, to authenticate identities (or provide anonymous cash-like exchanges) for electronic commerce and security, and to prevent computer viruses and illegal copying of software.

The law enforcement and intelligence communities have attempted to impede development and dissemination of cryptography and other security measures, fearing that these measures will reduce their ability to investigate crime and monitor the communications of foreign governments. Under the guise of protecting us from the new (and largely imaginary) four horsemen of the information apocalypse--drug dealers, money launderers, terrorists, and pornographers--law enforcement and intelligence agencies are trying to redesign communications networks to ensure easy and widespread surveillance from their desktops. They try to scare the public into following draconian proposals that would be more suited for the old Soviet Union than the free world. An example of this is the efforts by the current director of the Federal Bureau of Investigation, Louis Freeh. In a typical scare speech he gave in 1994, he threatens dire consequences: "[I]f you think crime is bad now, just wait and see what happens if the FBI one day soon is no longer able to conduct court-approved electronic surveillance." He fears that in a world without wiretaps "there will be disastrous consequences . . . federal law enforcement will be crippled and the national security endangered." He relentlessly lobbied Congress for a new federal law that required every telephone and computer network in the United States be redesigned to make it easier for the FBI to conduct wiretaps. It didn't matter that legal wiretapping is used only infrequently by law enforcement and almost exclusively for drug cases. Or that all reports on its usage indicate that it is inefficient and costly. He wanted that law. And he got it, regardless of the privacy and security problems.

At the same time, the National Security Agency (NSA), the secretive intelligence agency that is in charge of worldwide electronic surveillance, has attempted to limit research and development of computer security devices that could protect privacy and security to maintain its worldwide surveillance capabilities. Their policies of denying export approval to secure encryption products have delayed widespread use of encryption and have resulted in a U.S. encryption industry that loses millions of dollars each year to foreign competitors that do not have the same restrictions and can even import their software and hardware into the United States. Their attempts at setting policy for domestic use of cryptography have hamstrung efforts to develop new national and international standards.

In the past several years, this conflict has come to a head, focusing on two controversial proposals: the Clipper Chip and the Digital Telephony proposals.The collective impact of these proposals is to change long-standing presumptions of the U.S. telephone system: that telephone calls are not inherently suspicious and that communications companies are not the agents of law enforcement. That presumption, which was prevalent in countries behind the Iron Curtain, is simply not appropriate in a free, democratic country.

The main impact of these proposals is to impede the development of new technologies by creating regulatory roadblocks. Ultimately, the proposals will not be as effective as the FBI and the NSA assert because most criminals will simply adopt the more secure alternatives. Furthermore, the mandated access procedures open up the possibility of misuse by criminals to commit financial fraud, conduct industrial espionage, and invade personal privacy. Ironically, the main effect of the government policy may be an increase in crime.

[Pages 723-27]

Epilog

Cryptography is hot. Computer break-ins make the front page of national newspapers, highlighting the insecurity of the world's computer networks. The rush for commerce on the Internet highlights the need for security in financial transactions. More and more people are unwilling to recite credit card numbers, or even have a private conversation, on a cellular telephone. Orwellian government initiatives, such as Clipper and Digital Telephony, designed to ensure a nation available for wiretapping, illustrate just how unprotected we really are. But there are many forces working against cryptography. It is clear that the future will bring more widespread use of encryption to protect privacy and digital signatures to prove authenticity. It is less clear exactly who or what these measures will protect against. Security is not an on off switch: There are different degrees and different kinds. What protects you from your co-worker might be ineffective against a dedicated hacker, and what protects you from that hacker might be ineffective against a government.

The future of cryptography will be driven by three factors: research in the design of new algorithms and protocols and in the breaking of old ones, standards based on those algorithms and protocols deemed secure, and products that either follow or ignore those standards.

RESEARCH

Cryptography is, by its very nature, an inexact science. Much as we would like to pronounce a given algorithm or protocol secure, we can't. All we can say is that we do not know how to break it. Someone might figure it out tomorrow, but today we don't know how. This gives cryptography something of an adversarial atmosphere: I propose something and he breaks it, then she proposes something else and they break it, until finally someone proposes something that no one can break. Add to the mix the world's military cryptography organizations, who never publish their work, and that's the discipline.

In the publishing academic world, cryptography is alive and well. There are over a dozen annual academic conferences and workshops, and the International Association of Cryptologic Research has 700 members from 45 countries. Most of their work, however, is theoretical, and not directly applicable to the problems of confidentiality and authentication. Theoretical cryptography is important, but it will not help people protect themselves during the next few years.

At the two recent workshops in cryptographic algorithms--their design and analysis--fewer than 20 percent of the papers were written in the United States. This is primarily a result of funding pressure by the NSA; they have a history of not funding applied cryptography. Most of the world's best academic code makers and code breakers work at universities abroad: Australia, Austria, Belgium, Denmark, England, Israel, Japan, and Switzerland. Advances are likely to come from these countries. Unfortunately, the work is diffused across a broad spectrum of algorithms and protocols. Ten years ago, everyone worked on breaking DES. Today, there are dozens of algorithms meriting serious cryptanalysis, and precious few cryptographers willing to do the work. If they have to divide their time among more algorithms, each algorithm will get less analysis. And we will be less sure about their security.

STANDARDS

The workhorse of cryptography algorithms, DES, has been a standard for nearly 20 years. It is time to replace it. The recent design of a $1 million machine that could recover a DES key in 3.5 hours only confirmed what everybody knew: DES's key size is far too small for today.

The world only partly trusted DES because it survived the scrutiny of the NSA. Experts trusted DES because it was a published standard and because it survived 20 years of intensive cryptanalysis by cryptographers around the world. Cryptography is like that: Confidence in an algorithm grows as group after group tries to break it and fails.

Candidates for a replacement are emerging, but none have taken widespread hold. Many groups, most notably the banking community, are moving to triple-DES. This is a conservative approach: It leverages the cryptographic strength of DES while it increases the key length to something effectively immune from brute-force attack.The NSA is pushing an algorithm called Skipjack, but the combination of a secret algorithm and forced government access to the keys makes that an unattractive option. The IDEA algorithm, developed in Switzerland, is another possible alternative: IDEA is patented, but the license fees are reasonable. And there are a bevy of unpatented also-rans: RC4 (once a trade secret of RSA Data Security, Inc., but now publicly available on the Internet), SAFER, and Blowfish. A major issue is key length.These alternative algorithms all have long keys: 168 bits for triple-DES, 128 bits for IDEA and SAFER. Some, like RC4 and Blowfish, accept variable-length keys. Skipjack's 80-bit key may be fine for today, but in 20 years we could have the same key-length problem that we now have with DES. Any algorithm proposed today will probably not see widespread use for another five years; it might then be used for some 25 years, protecting information that might have to remain secret for another 50. In this business, it pays to be conservative.

In public-key cryptography, the world has more or less standardized the RSA algorithm for both encryption and digital signatures--the U.S. government's Digital Signature Algorithm (DSA) notwithstanding. For many years tyrannous patent policies by RSA Data Security, Inc. (and Public Key Partners) prevented the widespread implementation of public-key cryptography. Recently they have reduced their licensing fees, especially for small start-ups, and have released a free source-code implementation for noncommercial use. All this can easily be seen as a preemptive move to prepare for 1997, when the basic public-key cryptography patent expires. At that time other algorithms, such as ElGamal, enter the public domain.

But public-key cryptography is less concerned with algorithms and more with key length.The security of most public-key algorithms, including RSA, DSA, and ElGamal, is based on the difficulty of factoring large numbers. Factoring is a hard problem, but it is getting easier. And it is getting easier faster than anyone expected. The current factoring record for the kinds of numbers used in public-key cryptography is 428 bits (129 digits). Factoring experts believe that 512-bit numbers are factorable today, and that in less than ten years we will be able to factor 1 024-bit numbers. Farther in the future, they don't know. Again, it's best to be conservative.

Protocol standards are even harder to predict. Kerberos is widely used for network authentication despite numerous problems because it is widely available. There are alternatives, but none have seen any widespread deployment. PEM and PGP are competing for Internet electronic-mail security: The former has the force of standardization but is not being used, while the latter is not a standard but is widely used around the world. Will these protocols remain or will they be replaced? It's hard to make predictions on so little real data.

PRODUCTS

All the research in the world does not protect a single bit of traffic. Cryptography has to find its way to the marketplace in order to be effective. This is why I wrote Applied Cryptography in the first place: to take 20 years of academic research and make it accessible to programmers and engineers and technologists, those who can turn that research into products.The obstacles are considerable. In the 1980s, the NSA shifted its strategy from blocking research to blocking products. Although they have no direct control over American companies, through the State Department they regulate the export of cryptographic products. Anything except toy ciphers that they can easily break are barred from export. U.S. companies can either choose to deliberately cripple their products or sell only to American customers.

Of course, cryptography is international. A Software Publishers Association study identified over 400 foreign commercial cryptography products, many using DES or other nonexportable algorithms: secure telephones, modems, and fax machines, and a myriad of software products for a variety of platforms and applications. There are no rules barring the import of cryptography into the United States, so the products are there for those who really want them.

The problem with these stand-alone products is that they are expensive and require extra work to use. As long as cryptography is used only by those who need privacy, it will remain a red flag. In a network of unprotected electronic mail, the lone encrypted message is suspicious. If you have an encrypted disk drive or make an encrypted telephone call, then you must have something to hide. For cryptography to be truly successful, it has to protect both the important and the trivial. And for that to happen, it has to be as easy as opening a dialog box on your computer or pressing a button on your telephone.

Export controls help prevent cryptography from becoming ubiquitous. Microsoft makes 60 percent of its money abroad; it can't afford to have U.S.-only products. If there were no export controls, cryptography would be just as much a part of Microsoft Windows as data compression is. It would be automatic in communications products, word processors, databases, spreadsheets--every application that might encounter private information. A single world marketplace for encryption hardware would drive chip prices down, making it cost-effective to embed hardware encryption into computers, cellular phones, and other consumer products.

Export controls have been criticized as making no sense, and indeed they do not. They are not supposed to. They are supposed to prevent the widespread implementation of cryptography around the world. Every day they continue to do so is a win for the NSA.

The NSA has also tried to block widespread use of strong cryptography in standards committees. They are attempting to prevent the adoption of triple-DES as an encryption standard in the U.S. banking community.They successfully imposed an all-but-useless encryption algorithm on the U.S. cellular telephone industry. They continue to pressure Microsoft not to issue a strong cryptographic API for Windows. And via the FBI, they are lobbying for key-escrow encryption and threatening to outlaw nonescrowed strong encryption.

The whole Clipper initiative, as big a debacle as it turned out to be, was a victory for the NSA. AT&T w as going to market a secure telephone with DES. The NSA managed to convince them, by offering to pay them for development costs and buy the first 10,000 telephones off the assembly line, to market the Clipper phone instead. The public may have rejected Clipper, but they still can't buy a DES-secured telephone. Victory, NSA.

The NSA is aided by a naive consumer base. Although survey after survey has shown that people want security and are sometimes even willing to pay more for it, there is no way to separate fact from hype. The problem with bad cryptography is that it looks just like good cryptography. Until there is a trusted FDA-like organization that can certify security products, manufacturers will continue to make unsubstantiated claims about a product's security, and consumers will continue to believe them. What makes it worse is that it is so hard to get right. A product has to be perfect: Any single security hole can render the whole product ineffective. A designer has to choose algorithms and protocols, design key management, ensure secure erasure of information, and a whole host of other things. I've seen product after product that used all the right pieces but didn't put them together securely or missed a detail. Cryptography is easy in comparison; the real-world battles are won and lost in the details.

CONCLUSIONS

As an academic discipline, the future of cryptography looks bright: more scientists, more research, and more results. As a consumer product, the future is more fuzzy: a myriad of algorithms of dubious quality, competing standards, and products of questionable security. The NSA wants the world to be secure from everybody except the NSA; they are exerting considerable pressure to make that vision a reality. Certainly digital signatures will become prevalent on the Net; even the NSA doesn't mind being able to positively identify the originator of a message. In the United States we are likely to see a prevalence of weak exportable cryptography and some strong nonexportable cryptography. Ubiquitous strong cryptography on computers is likely to wait until some company outside the United States figures out how to embed it into the software products we use every day.