From: schuman@sgi.com (Aaron Schuman)
Newsgroups: alt.security
Subject: Congress to order crypto trapdoor?
Message-ID: <1991Apr11.231215.19779@dragon.wpd.sgi.com>
Date: 11 Apr 91 23:12:15 GMT

The United States Senate is considering a bill that would require manufacturers of cryptographic equipment to introduce a trap door, and to make that trap door accessible to law enforcement officials.

If you feel, as I do, that the risk of abuse far outweighs the potential benefits, please write to Senators Joseph Biden and Dennis DeConcini, and to the Senators that represent your state, asking that they propose a friendly amendment to their bill removing this requirement.

I don't have exact addresses for Senators Biden and DeConcini, and I hope someone will post them here, but the Washington DC post office can deliver letters addressed to

    Senator Joseph Biden            Senator Dennis DeConcini
    United States Senate     and    United States Senate
    Washington, DC 20510            Washington, DC 20510

------------------------------

RISKS-LIST: RISKS-FORUM Digest  Wednesday 10 April 1991  Volume 11 : Issue 43

Date: Wed, 10 Apr 91 17:23 EDT
From: WHMurray@DOCKMASTER.NCSC.MIL
Subject: U.S. Senate 266, Section 2201 (cryptographics)

Senate 266 introduced by Mr. Biden (for himself and Mr. DeConcini) contains the following section:

SEC. 2201. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT

It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.

------------------------------

The referenced language requires that manufacturers build trap-doors into all cryptographic equipment and that providers of confidential channels reserve to themselves, their agents, and assigns the ability to read all traffic.

Are there readers of this list that believe that it is possible for manufacturers of crypto gear to include such a mechanism and also to reserve its use to those "appropriately authorized by law" to employ it?

Are there readers of this list who believe that providers of electronic communications services can reserve to themselves the ability to read all the traffic and still keep the traffic "confidential" in any meaningful sense?

Is there anybody out there who would buy crypto gear or confidential services from vendors who were subject to such a law?

David Kahn asserts that the sovereign always attempts to reserve the use of cryptography to himself. Nonetheless, if this language were to be enacted into law, it would represent a major departure. An earlier Senate went to great pains to assure itself that there were no trapdoors in the DES. Mr. Biden and Mr. DeConcini want to mandate them. The historical justification of such reservation has been "national security;" just when that justification begins to wane, Mr. Biden wants to use "law enforcement." Both justifications rest upon appeals to fear.

In the United States the people, not the Congress, are sovereign; it should not be illegal for the people to have access to communications that the government cannot read. We should be free from unreasonable search and seizure; we should be free from self-incrimination.

The government already has powerful tools of investigation at its disposal; it has demonstrated precious little restraint in their use.

Any assertion that all use of any such trap-doors would be only "when appropriately authorized by law" is absurd on its face. It is not humanly possible to construct a mechanism that could meet that requirement; any such mechanism would be subject to abuse.

I suggest that you begin to stock up on crypto gear while you can still get it. Watch the progress of this law carefully. Begin to identify vendors across the pond.

William Hugh Murray, Executive Consultant, Information System Security
21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840
203 966 4769