FBI calls for mandatory key escrow; Denning on export ctrls
I don't usually send crypto-stuff to nanog, but folks here might want to check out the second graf.

--Declan

---------- Forwarded message ----------
Date: Wed, 3 Sep 1997 14:13:10 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Subject: FBI calls for mandatory key escrow; Denning on export ctrls

WASHINGTON, DC -- All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.

FBI Director Louis Freeh also told a Senate Judiciary subcommittee that "network service providers should be required to have some immediate decryption ability available" permitting agents to readily descramble encrypted messages that pass through their system.

This marks the most aggressive push to date for mandatory domestic key escrow (or "key recovery"), which means someone else other than the recipient can decipher messages you send out.

Now, the easiest way to win such a political tussle in Washington is to control the terms of the debate. And nobody understands that rule better than Sen. Jon Kyl (R-Arizona), chair of the Judiciary subcommittee on technology, terrorism, and government information.

Kyl opened today's hearing not by saying its purpose was to discuss crypto in a balanced manner, but that he wanted "to explore how encryption is affecting the way we deal with criminals, terrorists, and the security needs of business." Then he talked at length about "criminals and terrorists" using crypto, and child pornographers "using encryption to hide pornographic images of children that they transmit across the Internet."

Kyl also stacked the three panels. Out of seven witnesses, five were current or former law enforcement agents. No privacy or civil liberties advocates testified. Some companies including FedEx apparently dropped out when told they'd have to pay lip service to key escrow if they wanted to speak.

Dorothy Denning, a Georgetown University professor of computer science, did testify. Kyl made a point of asking her if she still supported key escrow systems (two recent articles by Will Rodger and Simson Garfinkel said she was changing her mind). "I think key recovery offers a very attractive approach," Denning said. What about export controls? "In the absence of any controls, the problem for law enforcement would get worse," she replied.

But when Sen. Dianne Feinstein (D-Calif) asked if Denning would support a *mandatory* key escrow system, the computer scientist said she wouldn't. "No, because we don't have a lot of experience with key recovery systems... a lot of people are legitimately nervous."

(Keep in mind that although Feinstein supposedly represents Silicon Valley, she's no friend of high tech firms. She opposes lifting export controls; in fact, she says that "nothing other than some form of mandatory key recovery really does the job" of preventing crime. Of course, Feinstein doesn't have a clue. She talks about whether businesses would want "a hard key or digital key or a key infrastructure." Yes, folks, this is in fact meaningless blather.)

Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, DC, says, "Simply stated, the Senate train is headed in the wrong direction. But of course this doesn't answer the question of what will ultimately be resolved by Congress? There's a very popular measure in the House right now that's heading in a different direction."

Rotenberg is talking about Rep. Bob Goodlatte's SAFE bill, which is much more pro-business than S.909, the McCain-Kerrey Senate bill that Kyl supports. Now, S.909 doesn't mandate key recovery; it only strongly encourages it by wielding the federal government's purchasing power to jumpstart a key recovery infrastructure.

But Kyl would go further. At a recent Heritage Foundation roundtable on encryption, I asked him, "Why not make key recovery technology mandatory -- after all, terrorists, drug kingpins and other criminals won't use it otherwise." Kyl's response? Not that it would be a violation of the Constitution's due process and search and seizure protections. Instead, he told me he simply didn't have enough votes...

-Declan

(Email me for info on the DC cypherpunks party this Saturday!)
On Wed, 3 Sep 1997, Declan McCullagh wrote:
FBI Director Louis Freeh also told a Senate Judiciary subcommittee that "network service providers should be required to have some immediate decryption ability available" permitting agents to readily descramble encrypted messages that pass through their system.
One last point: here are some excerpts from the transcript that amplify Freeh's argument about ISPs (and backbone providers?).

--Declan

---

MR. FREEH: Yes. I think the legislation has to begin by requiring the manufacturers to have the feature available and then take up the larger and maybe more complex discussion about how that's enabled. Is it done voluntary by the user? Is the network provider of the service required to have that immediate decryption ability because they're providing a public service? And there's a lot of permutations of that which we're trying to work through. But the key concept - you've hit the nail right on the head, Senator.

[...]

MR. FREEH: Senator, just the point that I made before, that I think it's a worthwhile issue for discussion to look at whether network service providers should also be required to have some immediate decrypting ability to respond to a court order. We work, as you know, particularly in the pedophile cases, with on-line services who give us, when we run up against encryption, court-authorized access to information that is the subject of crimes. And that deals in many respects with our problem, particularly as networks proliferate and more and more people use them for communications. It also maintains the court-authorized requirement and it also gives us the balance that I think is required in a policy that's going to work.
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??

What a sad state.

I would have at least been amused by an original argument, but to pull out the pedophile trump-card... Someone's desperate.

~~~~~~~~~ ~~~~~~~~~~~
Charles Sprickman Internet Channel INCH System Administration Team (212)243-5200 spork@inch.com access@inch.com
Charles Sprickman sez:
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
Recall the ahem.... preferences of Louis' predecessor.... Maybe there is something that goes along with the job that is NOT revealed in confirmation hearings?

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
On Wed, Sep 03, 1997 at 07:34:25PM -0400, Charles Sprickman wrote:
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
With the rest of porn, it's probably desirable to encourage encryption to confuse the kiddies. :)
What a sad state.
I would have at least been amused by an original argument, but to pull out the pedophile trump-card... Someone's desperate.
I wonder that they're so worried about it. This doesn't seem the case in Europe .. it's like we really gotta fight crime, as we have so much of it, but we never think why we have all this crime, and if maybe we're not just chasing ourselves in circles worrying over it. :/

--
//Dan -=- This message brought to you by djhoward@uiuc.edu -=-
\\/yori -=- HOME PAGE! http://www.uiuc.edu/ph/www/djhoward/ -=-
"On page 207 I finally learned how to check my E-mail with Pine!"
Charles Sprickman wrote...
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
What a sad state.
I would have at least been amused by an original argument, but to pull out the pedophile trump-card... Someone's desperate.
This is a typical move to try to gather support from otherwise unrelated and/or uninterested groups. If the government wanted to start putting pedophiles in jail on a mass basis, all they have to do ... well we all know exactly what they can do and how easy it is.

--
Phil Howard KA9WGN   +-------------------------------------------------------+
Linux Consultant     | Linux installation, configuration, administration,    |
Milepost Services    | monitoring, maintenance, and diagnostic services.     |
phil at milepost.com +-------------------------------------------------------+
On Wed, 3 Sep 1997, Charles Sprickman wrote:
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
What a sad state.
I would have at least been amused by an original argument, but to pull out the pedophile trump-card... Someone's desperate.
Yep. Here's a report from June.

-Declan

---------- Forwarded message ----------
Date: Thu, 19 Jun 1997 16:18:24 -0400
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: FC: Senate panel nixes ProCODE II, approves McCain-Kerrey bill

In the end, it was child pornography that derailed encryption legislation in the U.S. Senate and dealt a bitter defeat to crypto supporters.

Spurred by the chairman's denunciations of cyberporn, a majority of the Senate Commerce Committee rejected ProCODE II this morning -- and instead approved a bill introduced earlier this week that creates new Federal crimes for some uses of crypto and an all-but-mandatory key escrow infrastructure.

Sen. John McCain (R-Ariz.), committee chair and chief sponsor of the measure, led the attack, saying Congress must "stop child pornography on the Internet and Internet gambling. These legitimate law enforcement concerns cannot and should not be overlooked or taken lightly." He warned that allowing encryption to be exported would permit child pornographers to use it. "If it's being used for child pornography? Are we going to say that's just fine? That's it's just business? I don't think so."

Then Sen. Kay Bailey Hutchison (R-Tex.) chimed in, saying she doesn't want "children to have access to pornography or other bad types of information."

Sen. John Ashcroft (R-MO) tried to disagree. "It's like photography. We're not going to [ban] photography if someone takes dirty pictures." (At this point, one of the more deaf committee members asked, "Pornography? Are we going to ban pornography?")

Between the child-porn attack team of senators McCain, Hollings, Kerry, and Frist, ProCODE sponsor Sen. Conrad Burns (R-Mont.) didn't stand a chance. Hunched over the microphone, Burns was outmaneuvered, outprepared, and outgunned on almost every point. Nevertheless, he introduced ProCODE II -- a so-called compromise measure -- and was defeated 8-12.

The changes from ProCODE I gave the NSA, FBI, and CIA oversight over crypto exports and permitted only the export of up to 56-bit crypto products without key escrow. Products of any strength with key escrow could be exported freely.

That's hardly a pro-privacy, pro-encryption bill, says the ACLU's Don Haines. "The ProCODE vote shows the political bankruptcy of the pro-business agenda. Even in the Commerce Committee, commerce arguments didn't work," he says.

The committee also approved amendments proposed by Kerry that would give jurisdiction over crypto exports to a nine-member "Encryption Export Advisory Board." The panel would "evaluate whether [a] market exists abroad" and make non-binding recommendations to the president.

Frist also introduced amendments to the McCain-Kerrey bill that were accepted:

* Requiring that not any Federally-funded communications network, but only ones established "for transaction of government business" would use key escrow -- thereby jumpstarting the domestic market.
* "Requirements for a subpoenas [sic] should be no less stringent for obtaining keys, then [sic] for any other subpoenaed materials."
* Key recovery can mean recovering only a portion of the key "such as all but 40 bits of the key."
* NIST after consulting with DoJ and DoD will "publish a reference implementation plan for key recovery systems;" the law will not take effect until the president tells Congress such a study is complete.

After the vote, advocacy groups tried to put a good face on the devastating loss -- and an expensive defeat it was. After 15 months of lobbying, countless hearings, backroom dealmaking, and political capital spent, ProCODE is gutted and dead.

"There's another day. We have confidence in the system," said BSA's Robert Holleyman. CDT's Jerry Berman said, "What is encouraging is that unlike the CDA other committees are getting involved."

Of course, the involvement of other committees is only likely to add more key escrow provisions and limitations on crypto-exports. ProCODE's replacement -- the McCain-Kerrey bill -- now goes to the Senate Judiciary committee, and its chairman has already been talking about mandating key escrow in some circumstances...

-Declan

-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/

--------------------------------------------------------------------------
This list is public. To join fight-censorship-announce, send "subscribe fight-censorship-announce" to majordomo@vorlon.mit.edu. More information is at http://www.eff.org/~declan/fc/
On Wed, 3 Sep 1997, Charles Sprickman wrote:
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
(I was going to ignore this thread too, as it's way off charter, but I can't resist this one)

Isn't it obvious? Seems so to me, certainly is if you've followed the gun control debates of the years.

In order to prevent widespread use of encryption, which the US government, as well as virtually all governments, are desperate to do, you have to garner some support from the voters. If you point out how it (strong encryption) helps businesses expand on the Internet and helps them buy stuff on the net they'll never want to ban it.

If, on the other hand, you point out all the "evil" uses of it, build a straw man case of it being used by terrorists, drug lords, pedophiles, tax evaders, satan worshippers, etc, then you garner support. After all, who will stand up to their congressman for the right of pedophiles to encrypt their wicked graphics? Of terrorists to plot their evil plots in secret?

So we end up with law enforcement and spook agencies decrying the pedophiles and wanting to "maintain the status quo" of being able to tap anyone's phone line. And you get nonsense statements to give voters warm fuzzies, like "airbags in a car".
What a sad state.
Indeed.
I would have at least been amused by an original argument, but to pull out the pedophile trump-card... Someone's desperate.
You have to pull out the pedophile card, because the drug-lord key phrase has been so overused for the last decade that it doesn't elicit the desired response anymore. And I agree about the desperation.

--- David Miller
----------------------------------------------------------------------------
It's *amazing* what one can accomplish when one doesn't know what one can't do!
david@sparks.net sez:
If, on the other hand, you point out all the "evil" uses of it, build a straw man case of it being used by terrorists, drug lords, pedophiles, tax evaders, satan worshippers, etc, then you garner support.
No. You must get it right. It is: Drug dealing, money-laundering, nuclear terrorist, pedophiles... You can change the order around, but Louis is always careful to list all of those Four Horsemen, and you must too...

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
participants (6)
- Charles Sprickman
- Dannyman
- David Lesher
- david@sparks.net
- Declan McCullagh
- Phil Howard