642 lines
32 KiB
Plaintext
642 lines
32 KiB
Plaintext
Decrypting the Puzzle Palace
|
|
|
|
previously published in the July, 1992 issue of
|
|
Communications of the ACM
|
|
|
|
by
|
|
John Perry Barlow
|
|
|
|
|
|
"A little sunlight is the best disinfectant."
|
|
--Justice Louis Brandeis
|
|
|
|
|
|
Over a year ago, in a condition of giddier innocence than I enjoy today,
|
|
I wrote the following about the discovery of Cyberspace: Imagine
|
|
discovering a continent so vast that it may have no other side. Imagine
|
|
a new world with more resources than all our future greed might exhaust,
|
|
more opportunities than there will ever be entrepreneurs enough to
|
|
exploit, and a peculiar kind of real estate which expands with
|
|
development.
|
|
|
|
One less felicitous feature of this terrain which I hadn't noticed at
|
|
the time was a long-encamped and immense army of occupation.
|
|
|
|
This army represents interests which are difficult to define. It guards
|
|
the area against unidentified enemies. It meticulously observes almost
|
|
every activity undertaken there, and continuously prevents most who
|
|
inhabit its domain from drawing any blinds against such observation.
|
|
|
|
This army marshals at least 40,000 troops, owns the most advanced
|
|
computing resources in the world, and uses funds the dispersal of which
|
|
does not fall under any democratic review.
|
|
|
|
Imagining this force won't require the inventive powers of a William
|
|
Gibson. The American Occupation Army of Cyberspace exists. Its name is
|
|
the National Security Agency.
|
|
|
|
It can be argued that this peculiar institution inhibits free trade, has
|
|
damaged American competitiveness, and poses a threat to liberty anywhere
|
|
people communicate with electrons. Its principal function, as my
|
|
colleague John Gilmore puts it, is "wire-tapping the world." It is free
|
|
to do this without a warrant from any judge.
|
|
|
|
It is legally constrained from domestic surveillance, but precious few
|
|
people are in a good position to watch what, how, or whom the NSA
|
|
watches. Those who are tend to be temperamentally sympathetic to its
|
|
objectives and methods. They like power, and power understands the
|
|
importance of keeping it own secrets and learning everyone else's.
|
|
|
|
Whether it is meticulously ignoring every American byte or not, the NSA
|
|
is certainly pursuing policies which will render our domestic affairs
|
|
transparent to anyone who can afford big digital hardware. Such
|
|
policies could have profound consequences on our liberty and privacy.
|
|
|
|
More to point, the role of the NSA in the area of domestic privacy needs
|
|
to be assessed in the light of other recent federal initiatives which
|
|
seem aimed at permanently denying privacy to the inhabitants of
|
|
Cyberspace, whether foreign or American.
|
|
|
|
Finally it seems an opportune time, directly following our disorienting
|
|
victory in the Cold War, to ask if the threats from which the NSA
|
|
purportedly protects Americans from are as significant as the hazards
|
|
the NSA's activities present.
|
|
|
|
Like most Americans I'd never given much thought to the NSA until
|
|
recently. (Indeed its very existence was a secret for much of my life.
|
|
Beltway types used to joke that NSA stood for "No Such Agency.") I
|
|
vaguely knew that the NSA was one of the twelve or so shadowy federal
|
|
spook houses erected shortly after the creation of the Iron Curtain with
|
|
the purpose of stopping its advance.
|
|
|
|
The NSA originated in response to a memorandum sent by Harry Truman on
|
|
October 24, 1952 to Secretary of State Dean Acheson and Defense
|
|
Secretary Robert Lovatt. This memo, the very existence of which remained
|
|
secret for almost 40 years, created the NSA, placed it under the
|
|
authority of the Secretary of Defense, and charged it with monitoring
|
|
and decoding any signal transmission relevant to the security of the
|
|
United States.
|
|
|
|
Even after I started noticing the NSA, my natural immunity to paranoia
|
|
combined with a belief in the incompetence of all bureaucracies
|
|
continued to mute any sense of alarm. This was before I began to
|
|
understand the subterranean battles raging over data encryption and the
|
|
NSA's role in them. Lately, I'm less sanguine.
|
|
|
|
Encryption may be the only reliable method for securing privacy in the
|
|
inherently public domain of Cyberspace. I certainly trust it more than
|
|
privacy protection laws. Relying on government to protect your privacy
|
|
is like asking a peeping tom to install your window blinds.
|
|
|
|
In fact, we already have a strong-sounding federal law protecting our
|
|
electronic privacy, the Electronic Communications Privacy Act or ECPA.
|
|
But this law is not very effective in those areas where electronic eaves
|
|
dropping is technically easy. This is especially true in the area of
|
|
cellular phone conversations, which, under the current analog
|
|
transmission standard, are easily accessible to anyone from the FBI to
|
|
you.
|
|
|
|
The degree of present-day law enforcement apprehension over secure
|
|
cellular encryption provides evidence of how seriously they've been
|
|
taking ECPA. Law enforcement organizations are moving on a variety of
|
|
fronts to see that robust electronic privacy protection systems don't
|
|
become generally available to the public. Indeed, the current
|
|
administration may be so determined to achieve this end they may be
|
|
willing to paralyze progress in America's most promising technologies
|
|
rather than yield.
|
|
|
|
Push is coming to shove in two areas of communications technology:
|
|
digital transmission of heretofore analog signals, and the encryption of
|
|
transmitted data.
|
|
|
|
As the communications service providers move to packet switching, fiber
|
|
optic transmission lines, digital wireless, ISDN and other advanced
|
|
techniques, what have been discrete channels of continuous electrical
|
|
impulses, voices audible to anyone with alligator clips on the right
|
|
wires, are now becoming chaotic blasts of data packets, readily
|
|
intelligible only to the sender and receiver. This development
|
|
effectively forecloses traditional wire-tapping techniques, even as it
|
|
provides new and different opportunities for electronic surveillance.
|
|
|
|
It is in the latter area where the NSA knows its stuff. A fair
|
|
percentage of the digital signals dispatched on planet Earth must pass
|
|
at some point through the NSA's big sieve in Fort Meade, Maryland, 12
|
|
underground acres of the heaviest hardware in the computing world.
|
|
There, unless these packets are also encrypted with a particularly
|
|
knotty algorithm, sorting them back into their original continuity is
|
|
not very difficult.
|
|
|
|
In 1991, alarmed at a future in which it would have to sort through an
|
|
endless fruit salad of encrypted bits, the FBI persuaded Senator Joseph
|
|
Biden to include certain language in Senate Bill 266. The new language
|
|
in the bill required electronic communications services and those who
|
|
created communications devices to implement only such encryption methods
|
|
as would assure government's ability to extract the plain text of any
|
|
voice or data communications in which it took a legal interest. It was
|
|
as if the government had responded to a technological leap in lock
|
|
design by requiring all building contractors to supply it with skeleton
|
|
keys to every door in America.
|
|
|
|
The provision raised wide-spread concern in the computer community,
|
|
which was better equipped to understand its implications than the
|
|
general public. In August of last year, the Electronic Frontier
|
|
Foundation, in cooperation with Computer Professionals for Social
|
|
Responsibility and other industry groups, successfully lobbied to have
|
|
it removed from the bill.
|
|
|
|
Our celebration was restrained. We knew we hadn't seen the last of it.
|
|
For one thing, the movement to digital communications does create some
|
|
serious obstacles to traditional wire-tapping procedures. I fully
|
|
expected that law enforcement would be back with new proposals, which I
|
|
hoped might be ones we could support. But what I didn't understand then,
|
|
and am only now beginning to appreciate, was the extent to which this
|
|
issue had already been engaged by the NSA in the obscure area of export
|
|
controls over data encryption algorithms. Encryption algorithms,
|
|
despite their purely defensive characteristics, have been regarded by
|
|
the government of this country as weapons of war for many years. If they
|
|
are to be employed for privacy (as opposed to authentication) and they
|
|
are any good at all, their export is licensed under State Department's
|
|
International Traffic in Arms Regulations or ITAR.
|
|
|
|
The encryption watchdog is the NSA. It has been enforcing a policy,
|
|
neither debated nor even admitted to, which holds that if a device or
|
|
program contains an encryption scheme which the NSA canUt break fairly
|
|
easily, it will not be licensed for international sale. Aside for
|
|
marveling at the silliness of trying to embargo algorithms, a practice
|
|
about as pragmatic as restricting the export of wind, I didn't pay much
|
|
attention to the implications of NSA encryption policies until February
|
|
of this year. It was then that I learned about the deliberations of an
|
|
obscure group of cellular industry representatives called the Ad Hoc
|
|
Authentication Task Force, TR45.3 and of the influence which the NSA has
|
|
apparently exercised over their findings.
|
|
|
|
In the stately fashion characteristic of standard-setting bodies, this
|
|
group has been working for several years on a standard for digital
|
|
cellular transmission, authentication, and privacy protection. This
|
|
standard is known by the characteristically whimsical telco moniker
|
|
IS-54B.
|
|
|
|
In February they met near Giants Stadium in East Rutherford, NJ. At that
|
|
meeting, they recommended, and agreed not to publish, an encryption
|
|
scheme for American-made digital cellular systems which many
|
|
sophisticated observers believe to be intentionally vulnerable. It was
|
|
further thought by many observers that this Rdumbing downS had been done
|
|
indirect cooperation with the NSA. Given the secret nature of the new
|
|
algorithm, its actual merits were difficult to assess. But many
|
|
cryptologists believe there is enough in the published portions of the
|
|
standard to confirm that it isnUt any good.
|
|
|
|
One cryptographic expert, who asked not to be identified lest the NSA
|
|
take reprisals against his company, said:
|
|
"The voice privacy scheme, as opposed to the authentication scheme, is
|
|
pitifully easy to break. It involves the generation of two `voice
|
|
privacy masks' each 260 bits long. They are generated as a byproduct of
|
|
the authentication algorithm and remain fixed for the duration of a
|
|
call. The voice privacy masks are exclusive_ORed with each frame of data
|
|
from the vocoder at the transmitter. The receiver XORs the same mask
|
|
with the incoming data frame to recover the original plain text. Anyone
|
|
familiar with the fundamentals of cryptanalysis can easily see how weak
|
|
this scheme is."
|
|
|
|
And indeed, Whitfield Diffie, co-inventor of Public Key cryptography and
|
|
arguably the dean of this obscure field, told me this about the fixed
|
|
masks:
|
|
"Given that description of the encryption process, there is no need for
|
|
the opponents to know how the masks were generated. Routine
|
|
cryptanalytic operations will quickly determine the masks and remove
|
|
them."
|
|
|
|
Some on the committee claimed that possible NSA refusal of export
|
|
licensing had no bearing on the algorithm they chose. But their decision
|
|
not to publish the entire method and expose it to cryptanalytical abuse
|
|
(not to mention ANSI certification) was accompanied by the following
|
|
convoluted justification:
|
|
"It is the belief of the majority of the Ad Hoc Group, based on our
|
|
current understanding of the export requirements, that a published
|
|
algorithm would facilitate the cracking of the algorithm to the extent
|
|
that its fundamental purpose is defeated or compromised." (Emphasis
|
|
added.)
|
|
|
|
Now this is a weird paragraph any way you parse it, but its most
|
|
singular quality is the sudden, incongruous appearance of export
|
|
requirements in a paragraph otherwise devoted to algorithmic integrity.
|
|
In fact, this paragraph is itself code, the plain text of which goes
|
|
something like this: "We're adopting this algorithm because, if we
|
|
don't, the NSA will slam an export embargo on all domestically
|
|
manufactured digital cellular phones."
|
|
|
|
Obviously, the cellular phone system manufacturers and providers are not
|
|
going to produce one model for overseas sale and another for domestic
|
|
production. Thus, a primary effect of NSA-driven efforts to deny some
|
|
unnamed foreign enemy secure cellular communications is on domestic
|
|
security. The wireless channels available to Americans will be cloaked
|
|
in a mathematical veil so thin that, as one crypto- expert put it, "Any
|
|
county sheriff with the right PC-based black box will be able to monitor
|
|
your cellular conversations."
|
|
|
|
When I heard him say that, it suddenly became clear to me that, whether
|
|
consciously undertaken with that goal or not, the most important result
|
|
of the NSA's encryption embargoes has been the future convenience of
|
|
domestic law enforcement. Thanks to NSA export policies, they will be
|
|
assured that, as more Americans protect their privacy with encryption,
|
|
it will be of a sort easily penetrated by authority.
|
|
|
|
I find it increasingly hard to imagine this is not their real objective
|
|
as well. Surely, the NSA must be aware of how ineffectual their efforts
|
|
have been in keeping good encryption out of inimical military
|
|
possession. An algorithm is somewhat less easily stopped at the border
|
|
than, say, a nuclear reactor. As William Neukom, head of Microsoft Legal
|
|
puts it, "The notion that you can control this technology is comical."
|
|
|
|
I became further persuaded that this was the case upon hearing, from a
|
|
couple of sources, that the Russians have been using the possibly
|
|
uncrackable (and American) RSA algorithm in their missile launch codes
|
|
for the last ten years and that, for as little as five bucks, one can
|
|
get a software package called Crypto II on the streets of Saint
|
|
Petersburg which includes both RSA and DES encryption systems.
|
|
|
|
Nevertheless, the NSA has been willing to cost American business a lot
|
|
of revenue rather than allow domestic products with strong encryption
|
|
into the global market.
|
|
|
|
While it's impossible to set a credible figure on what that loss might
|
|
add up to, it's high. Jim Bidzos, whose RSA Data Security licenses RSA,
|
|
points to one major Swiss bid in which a hundred million dollar contract
|
|
for financial computer terminals went to a European vendor after
|
|
American companies were prohibited by the NSA from exporting a truly
|
|
secure network.
|
|
|
|
The list of export software containing intentionally broken encryption
|
|
is also long. Lotus Notes ships in two versions. DonUt count on much
|
|
protection from the encryption in the export version. Both Microsoft and
|
|
Novell have been thwarted in their efforts to include RSA in their
|
|
international networking software, despite frequent publication of the
|
|
entire RSA algorithm in technical journals all over the world.
|
|
|
|
With hardware, the job has been easier. NSA levied against the inclusion
|
|
of a DES chip in the AS/390 series IBM mainframes in late 1990 despite
|
|
the fact that, by this time, DES was in widespread use around the world,
|
|
including semi-official adoption by our official enemy, the USSR.
|
|
|
|
I now realize that the Soviets have not been the NSA's main concern at
|
|
any time lately. Naively hoping that, with the collapse of the Evil
|
|
Empire, the NSA might be out of work, I learned that, given their own
|
|
vigorous crypto systems and their long use of some embargoed products,
|
|
the Russians could not have been the threat from whom this forbidden
|
|
knowledge was to be kept. Who has the enemy been then? I started to ask
|
|
around.
|
|
|
|
Cited again and again as the real object of the embargoes were Third-
|
|
World countries, terrorists and... criminals. Criminals, most generally
|
|
drug-flavored, kept coming up, and nobody seemed concerned that some of
|
|
their operations might be located in areas supposedly off- limits to NSA
|
|
scrutiny.
|
|
|
|
Presumably the NSA is restricted from conducting American surveillance
|
|
by both the Foreign Intelligence Surveillance Act of 1978(FISA) and a
|
|
series of presidential directives, beginning with one issued by
|
|
President Ford following Richard Nixon's bold misuse of the NSA, in
|
|
which he explicitly directed the NSA to conduct widespread domestic
|
|
surveillance of political dissidents and drug users.
|
|
|
|
But whether or not FISA has actually limited the NSA's abilities to
|
|
conduct domestic surveillance seemed less relevant the more I thought
|
|
about it. A better question to ask was, "Who is best served by the NSA's
|
|
encryption export policies?" The answer is clear: domestic law
|
|
enforcement. Was this the result of some plot between NSA and, say, the
|
|
Department of Justice? Not necessarily.
|
|
|
|
Certainly in the case of the digital cellular standard, cultural
|
|
congruity between foreign intelligence, domestic law enforcement, and
|
|
what somebody referred to as "spook wannabes on the TR45.3 committee"
|
|
might have a lot more to do with the its eventual flavor than any actual
|
|
whisperings along the Potomac.
|
|
|
|
Unable to get anyone presently employed by the NSA to comment on this or
|
|
any other matter, I approached a couple of old hands for a highly
|
|
distilled sample of intelligence culture.
|
|
|
|
I called Admirals Stansfield Turner and Bobby Ray Inman. Their Carter
|
|
administration positions as, respectively, CIA and NSA Directors, had
|
|
endowed them with considerable experience in such matters In addition,
|
|
both are generally regarded to be somewhat more sensitive to the limits
|
|
of democratic power than their successors. And their successors seemed
|
|
unlikely to return my calls. My phone conversations with Turner and
|
|
Inman were amiable enough, but they didn't ease my gathering sense that
|
|
the NSA takes an active interest in areas beyond its authorized field of
|
|
scrutiny. Turner started out by saying he was in no position to confirm
|
|
or deny any suspicions about direct NSA-FBI cooperation on encryption.
|
|
Still, he didn't think I was being irrational in raising the question.
|
|
In fact, he genially encouraged me to investigate the matter further.
|
|
He also said that while a sub rosa arrangement between the NSA and the
|
|
Department of Justice to compromise domestic encryption would be
|
|
"injudicious," he could think of no law, including FISA (which he helped
|
|
design), which would prevent it.
|
|
|
|
Alarmingly, this gentleman who has written eloquently on the hazards of
|
|
surveillance in a democracy did not seem terribly concerned that our
|
|
digital shelters are being rendered permanently translucent by and to
|
|
the government. He said, "A threat could develop...terrorism, narcotics,
|
|
whatever...where the public would be pleased that all electronic traffic
|
|
was open to decryption. You can't legislate something which forecloses
|
|
the possibility of meeting that kind of emergency."
|
|
|
|
Admiral Inman had even more enthusiasm for assertive governmental
|
|
supervision. Although he admitted no real knowledge of the events behind
|
|
the new cellular encryption standard, he wasn't disturbed to hear it
|
|
might be purposely flawed.
|
|
|
|
And, despite the fact that his responsibilities as NSA Director had been
|
|
restricted to foreign intelligence, he seemed a lot more comfortable
|
|
talking about threats on the home front. "The Department of Justice,"
|
|
Inman began, "has a very legitimate worry. The major weapon against
|
|
white collar crime has been the court-ordered wiretap. If the criminal
|
|
elements go to using a high quality cipher, the principal defense
|
|
against narcotics traffic is gone." This didn't sound like a guy who,
|
|
were he still head of NSA, would rebuff FBI attempts to get a little
|
|
help from his agency.
|
|
|
|
He brushed off my concerns about the weakness of the cellular encryption
|
|
standard. "If all you're seeking is personal privacy, you can get that
|
|
with a very minimal amount of encipherment." Well, I wondered, Privacy
|
|
from whom?
|
|
|
|
Inman seemed to regard real, virile encryption to be something rather
|
|
like a Saturday Night Special. "My answer," he said, "would be
|
|
legislation which would make it a criminal offense to use encrypted
|
|
communication to conceal criminal activity."
|
|
|
|
Wouldn't that render all encrypted traffic automatically suspect? I
|
|
asked.
|
|
|
|
"Well," he said, "you could have a registry of institutions which can
|
|
legally use ciphers. If you get somebody using one who isn't registered,
|
|
then you go after him."
|
|
|
|
You can have my encryption algorithm, I thought to myself, when you pry
|
|
my cold dead fingers from its private key.
|
|
|
|
It wasn't a big sample, but it was enough to gain an appreciation of the
|
|
cultural climate of the intelligence community. And these guys are the
|
|
liberals. What legal efficiencies might their Republican successors be
|
|
willing to employ to protect the American Way? Without the familiar
|
|
presence of the Soviets, we can expect a sharp increase in over-rated
|
|
bogeymen and virtual states of emergency. This is already well under
|
|
way. I think we can expect our drifting and confused hardliners to burn
|
|
the Reichstag repeatedly until they have managed to extract from our
|
|
induced alarm the sort of government which makes them feel safe.
|
|
|
|
This process has been under way for some time. One sees it in the war on
|
|
terrorism, against which pursuit "no liberty is absolute," as Admiral
|
|
Turner put it. This, despite the fact that, during last year for which I
|
|
have a solid figure, 1987, only 7 Americans succumbed to terrorism.
|
|
|
|
You can also see it clearly under way in the War on Some Drugs. The
|
|
Fourth Amendment to the Constitution has largely disappeared in this
|
|
civil war. And among the people I spoke with, it seemed a common canon
|
|
that drugs (by which one does not mean Jim Beam, Marlboros, Folger's, or
|
|
Halcion) were a sufficient evil to merit the government's holding any
|
|
keys it wanted.
|
|
|
|
One individual close to the committee said that at least some of the
|
|
aforementioned "spook wannabes" on the committee were interested in weak
|
|
cellular encryption because they considered warrants not "practical"
|
|
when it came to pursuing drug dealers and other criminals using cellular
|
|
phones.
|
|
|
|
In a fearful America, where the people cry for shorter chains and
|
|
smaller cages, such privileges as secure personal communications are
|
|
increasingly regarded as expendable luxuries. As Whitfield Diffie put
|
|
it, "From the consistent way in which Americans seem to put security
|
|
ahead of freedom, I fear that most would prefer that all electronic
|
|
traffic was open to government decryption."
|
|
|
|
In any event, while I found no proof of an NSA-FBI conspiracy to gut the
|
|
American cellular phone encryption standard, it seemed clear to me that
|
|
none was needed. The same results can be delivered by a cultural
|
|
"auto-conspiracy" between like-minded hardliners and cellular companies
|
|
who will care about privacy only when their customers do.
|
|
|
|
You don't have to be a hand-wringing libertarian like me to worry about
|
|
the domestic consequences of the NSA's encryption embargoes. They are
|
|
also, as stated previously, bad for business. Unless, of course, the
|
|
business of America is no longer business but, as sometimes seems the
|
|
case these days, crime control.
|
|
|
|
As Ron Rivest (the "R" in RSA) said to me, "We have the largest
|
|
information-based economy in the world. We have lots of reasons for
|
|
wanting to protect information, and weakening our encryption systems for
|
|
the convenience of law enforcement doesn't serve the national interest."
|
|
|
|
But by early March, it was clear that this "business-oriented"
|
|
administration had made a clear choice to favor cops over commerce even
|
|
if the costs to the American economy were to become extremely high.
|
|
|
|
A sense of White House seriousness in this regard could be taken from
|
|
their response to the first serious effort by Congress to bring the NSA
|
|
to task for its encryption embargoes. Rep. Mel Levine (D- Calif.)
|
|
proposed an amendment to the Export Administration Act to transfer mass
|
|
market software controls to the Commerce Department, which would relax
|
|
the rules. The administration responded by saying that they would veto
|
|
the entire bill if the Levine amendment remained attached to it.
|
|
|
|
Even though it appeared the NSA had little to fear from Congress, the
|
|
Levine amendment may have been part of what placed the agency in a
|
|
bargaining mood for the first time. They entered into discussions with
|
|
the Software Publishers Association who, acting primarily on behalf of
|
|
Microsoft and Lotus, got to them to agree "in principle" to a
|
|
streamlined process for export licensing of encryption which might
|
|
provide for more robust standards than previously allowed.
|
|
|
|
But the negotiations between the NSA and the SPA were being conducted
|
|
behind closed doors. The NSA imposed an understanding that any agreement
|
|
would be set forth only in a "confidential" letter to Congress. As in
|
|
the case of the digital cellular standard, this would eliminate the
|
|
public scrutiny by cryptography researchers.
|
|
|
|
Furthermore, some cryptographers worried that the encryption key lengths
|
|
to which the SPA appeared willing to restrict its members might be too
|
|
short for the sorts of brute-force decryption assaults which advances in
|
|
processor technology will yield in the near future. And brute force
|
|
decryption has always been the NSA's strong suit. The impression
|
|
engendered by the style of the NSA-SPA negotiations did not inspire
|
|
confidence. The lack of confidence will operate to the continued
|
|
advantage of foreign manufacturers in an era when more and more
|
|
institutions are going to be concerned about the privacy of their
|
|
digital communications.
|
|
|
|
But the economic damage which the NSA-SPA agreement might cause would be
|
|
minor compared to what would result from a startling new federal
|
|
initiative, the Department of Justice's proposed legislation on digital
|
|
telephony. If you're wondering what happened to the snooping provisions
|
|
which were in Senate Bill 266, look no further. They're back. Bigger
|
|
and bolder than before.
|
|
|
|
They are contained in a sweeping proposal by the Justice Department to
|
|
the Senate Commerce Committee. It proposes legislation which would
|
|
"require providers of electronic communications services and private
|
|
branch exchanges to ensure that the Government's ability to lawfully
|
|
intercept communications is unimpeded by the introduction of advanced
|
|
digital telecommunications technology or any other telecommunications
|
|
technology."
|
|
|
|
This really means what it says: before any advance in telecommunications
|
|
technology can be deployed, the service providers and manufacturers must
|
|
assure the cops that they can tap into it. In other words, development
|
|
in digital communications technology must come to a screeching halt
|
|
until The Department of Justice can be assured that it will be able to
|
|
grab and examine data packets with the same facility they have long
|
|
enjoyed with analog wire-tapping.
|
|
|
|
It gets worse. The initiative also provides that, if requested by the
|
|
Attorney General, "any Commission proceeding concerning regulations,
|
|
standards or registrations issued or to be issued under authority of
|
|
this section shall be closed to the public." This essentially places the
|
|
Attorney General in a position to shut down any telecommunications
|
|
advance without benefit of public hearing.
|
|
|
|
When I first heard of the digital telephony proposal, I assumed it was a
|
|
kind of bargaining chip. I couldn't imagine it was serious. But it now
|
|
appears they are going to the mattresses on this one.
|
|
|
|
Taken together with NSA's continued assertion of its authority over
|
|
encryption, a pattern becomes clear. The government of the United States
|
|
is so determined to maintain law enforcement's traditional wire-tapping
|
|
abilities in the digital age that it is willing to cripple the American
|
|
economy. This may sound hyperbolic, but I believe it is not.
|
|
|
|
The greatest technological advantages this country presently enjoys are
|
|
in the areas of software and telecommunications. Furthermore, thanks in
|
|
large part to the Internet, much of America is already wired for bytes.
|
|
This is as significant an economic edge in the Information Age as the
|
|
existence of a railroad system was for England one hundred fifty years
|
|
ago.
|
|
|
|
If we continue to permit the NSA to cripple our software and further
|
|
convey to the Department of Justice the right to stop development the
|
|
Net without public input, we are sacrificing both our economic future
|
|
and our liberties. And all in the name of combating terrorism and drugs.
|
|
|
|
This has now gone far enough. I have always been inclined to view the
|
|
American government as fairly benign as such creatures go. I am
|
|
generally the least paranoid person I know, but there is something scary
|
|
about a government which cares more about putting its nose in your
|
|
business than it does about keeping that business healthy. As I write
|
|
this, a new ad hoc working group on digital privacy, coordinated by the
|
|
Electronic Frontier Foundation, is scrambling to meet the challenge. The
|
|
group includes representatives from organizations like AT&T, the
|
|
Regional Bells, IBM, Microsoft, the Electronic Mail Association and
|
|
about thirty other companies and public interest groups.
|
|
|
|
Under the direction of Jerry Berman, EFF's Washington office director,
|
|
and John Podesta, a capable lobbyist and privacy specialist who helped
|
|
draft the ECPA, this group intends to stop the provisions in digital
|
|
telephony proposal from entering the statute books.
|
|
|
|
We intend to work with federal law enforcement officials to address
|
|
their legitimate concerns. We donUt dispute their need to conduct some
|
|
electronic surveillance, but we believe this can be assured by more
|
|
restrained methods than they're proposing. We are also preparing a
|
|
thorough examination of the NSA's encryption export policies and looking
|
|
into the constitutional implications of those policies. Rather than
|
|
negotiating behind closed doors, as the SPA has been attempting to do,
|
|
America's digital industries have a strong self-interest in banding
|
|
together to bring the NSA's procedures and objectives into the sunlight
|
|
of public discussion.
|
|
|
|
Finally, we are hoping to open a dialog with the NSA. We need to develop
|
|
a better understanding of their perception of the world and its threats.
|
|
Who are they guarding us against and how does encryption fit into that
|
|
endeavor? Despite our opposition to their policies on encryption export,
|
|
we assume that NSA operations have some merit. But we would like to be
|
|
able to rationally balance the merits against the costs.
|
|
|
|
The legal right to express oneself is meaningless if there is no secure
|
|
medium through which that expression may travel. By the same token, the
|
|
right to hold unpopular opinions is forfeit unless one can discuss those
|
|
opinions with others of like mind without the government listening in.
|
|
|
|
Even if you trust the current American government, as I am still
|
|
inclined to, there is a kind of corrupting power in the ability to
|
|
create public policy in secret while assuring that the public will have
|
|
little secrecy of its own.
|
|
|
|
In its secrecy and technological might, the NSA already occupies a very
|
|
powerful position. And conveying to the Department of Justice what
|
|
amounts to licensing authority for all communications technology would
|
|
give it a control of information distribution rarely asserted over
|
|
English-speaking people since Oliver Cromwell's Star Chamber
|
|
Proceedings.
|
|
|
|
Are there threats, foreign or domestic, which are sufficiently grave to
|
|
merit the conveyance of such vast legal and technological might? And
|
|
even if the NSA and FBI may be trusted with such power today, will they
|
|
always be trustworthy? Will we be able to do anything about it if they
|
|
aren't?
|
|
|
|
Senator Frank Church said of NSA technology in 1975 words which are more
|
|
urgent today:
|
|
"That capability at any time could be turned around on the American
|
|
people and no American would have any privacy left. There would be no
|
|
place to hide. If this government ever became a tyranny, the
|
|
technological capacity that the intelligence community has given the
|
|
government could enable it to impose total tyranny. There would be no
|
|
way to fight back, because the most careful effort to combine together
|
|
in resistance to the government, no matter how privately it was done, is
|
|
within the reach of the government to know. Such is the capacity of this
|
|
technology."
|
|
|
|
San Francisco, California
|
|
Monday, May 4, 1992
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The EFF encourages any organization which might have a stake in
|
|
the future of cyberspace to become involved.
|
|
Letters expressing your concern may be addressed to:
|
|
|
|
Sen. Ernest Hollings
|
|
Chairman, Senate Commerce Committee
|
|
U.S. Senate
|
|
Washington, DC
|
|
and to
|
|
Don Edwards
|
|
Chairman, Subcommitee on Constitutional Rights
|
|
House Judiciary Committee.
|
|
Washington, DC
|
|
|
|
I would appreciate hearing those concerns myself. Feel free to copy
|
|
me with those letters at my physical address,
|
|
|
|
John Perry Barlow
|
|
P.O. Box 1009
|
|
Pinedale, WY 82941
|
|
or in Cyberspace -- barlow@eff.org.
|
|
|
|
If your organization is interested in becoming part of the digital
|
|
privacy working group, please contact the EFF's Washington office at:
|
|
|
|
666 Pennsylvania Avenue SE,
|
|
Suite 303,
|
|
Washington, DC 20003
|
|
202/544-9237
|
|
|
|
EFF also encourages individuals interested in these issues to join the
|
|
organization. Contact us at:
|
|
|
|
Electronic Frontier Foundation
|
|
155 Second Street
|
|
Cambridge, MA 02141
|
|
617/864-0665
|
|
eff-request@eff.org.
|
|
|
|
|
|
|
|
|