;Date 27 Oct 92 17:22:28 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: Threat to our privacy Options: kill-sent private ;Status: recv'd (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!shearson.com!pmetzger From: pmetzger@shearson.com (Perry E. Metzger) To: cypherpunks@toad.com Date: Tue, 27 Oct 92 18:46:26 EST For Cypherpunks: A copy of mail I just sent to... libernet@dartmouth.edu, extropians@gnu.ai.mit.edu, prz@sage.cgd.ucar.edu, mike@eff.org, mkapor@eff.org [This is being sent out to a wide audiance. If you receive this, its because My friends, its rare of me to try to encourage panic. Occassionally, however, by panicing early we can avert a disaster later on. Risks, an internet mailing list, reported about a week ago on a proposal by Dr. Dorothy Denning, one of the most prominent people in the field of cryptography, that copies of all private encryption keys associated with public key cryptographic systems be held, effectively by the government, to permit them to read people's encrypted messages to each other. Naturally, such invasions of privacy will only be permitted "when a warrant is produced". It has been suggested that this idea might be taken up by several government agencies for "review". Many have noted that the dawning of cheap and effective cryptographic systems could spell the end of the ability of governments to invade people's privacy. Unfortunately, it appears that the government and its cronies have also realized this, and intend to take preemptive action. Our notion of civil rights has decayed so far that it is now considered a citizen's duty to not merely be quiet while he is enslaved but to actively cooperate with his own enslavement. Not merely must we put up with the indignity of the government being granted the right to read our papers and communications to each other, not merely has the FBI attempted to get legislation passed to make phone companies give them easier access to tap phone lines under color of "maintaining the current capability in the presense of new technology", but now it is suggested that we ordinary citizens must personally cooperate to make it easier for them to read our communications. We will be branded criminals if we fail to cooperate, presuming that ideas like this are enacted. It is crucial that the fiends proposing this be convinced that resistance will be too high to implement their plan. It is crucial that before they can even propose legislation that the threat here be brought to the attention of the news media. If the currently proposed FBI legislation were passed, a dictatorial government would have all the tools it would need to tap all the phones in the country -- the only thing restraining that behavior would be a system of warrants that could disappear with a mere change in attitude. If Denning's more serious and sinister idea were proposed for future enactment as legislation (this has not yet been proposed), it would become impossible for individuals to take any action to protect their own communications privacy from a dictatorial regime, even ignoring the question of abuses that could occur right now. I'm convinced that the only thing that prevented the FBI bill from passing this year was the fact that media attention was brought to bear. Its important that this new proposal be exposed to similar sunshine. Far be it for me to suggest restraint of free speech, but I would like to see people think of making such suggestions as having the social acceptability of calling a black person "nigger". Here, for reference, is a copy of an article Dr. Denning just posted to sci.crypt on usenet. I encourage people, rather than discussing this matter on libernet or extropians, to discuss this on sci.crypt where the topic is just breaking. Perry Metzger ---------------------------------------------------------------------- Article 6275 of sci.crypt: Path: shearson.com!uunet!uunet!think.com!sdd.h p.com!zaphod.mps.ohio-state.edu!darwin.s ura.net!guvax.acc.georgetown.edu!denning From: denning@guvax.acc.georgetown.edu Newsgroups: sci.crypt Subject: Re: A Trial Balloon on Registered Keys Message-ID: <1992Oct27.143737.1574@guvax.acc.georgetown.edu> Date: 27 Oct 92 14:37:37 -0500 Distribution: world Organization: Georgetown University Lines: 94 The posting about the proposal I made at the NCSC for key registration is essentially correct. Let me add to it the following: 1. The government is not taking any action to curb crypto and is unlikely to take any such action in the near future. No proposal has been made and no government agency that I am aware of has plans to make such a proposal. The closest we've had to a proposal was a "Sense of Congress" resolution in Senate Bill 266 over a year ago. This would not have mandated anything, but said it was the sense of Congress that service providers should provide accesss to the plaintext of encrypted communications under a court order. It got a lot of opposition and was withdrawn. Thus, don't panic folks -- this was just me making a suggestion. I didn't realize I had that much clout to cause such a stir and call to arms! I expect that the next step will be government sponsored discussions about crypto policy, probably sponsored by NIST, at the recommendation of the Computer System Security Advisory Board headed by Willis Ware. That will provide a forum to work through these issues. 2. The reason I made the proposal is because I am concerned that we may be facing a major crisis in law enforcement. I expect many of you will say "that's wonderful" but I don't see it that way. Electronic surveillance has been an essential tool in preventing serious crimes such as terrorist attacks and destabilizing organized crime. The economic benefits alone are estimated to be in the billions. This issue is not about snooping on innocent citizens but about doing what we can do prevent major crimes that could seriously disrupt other liberties. The problem is likely to get even worse if criminals know they use the telecommunications systems without any chance of getting caught. 3. My proposal was to register your private key with a trustee, different from the government. The key would be encrypted under some other public key so the trustee couldn't decrypt it. I have suggested it be the key of the DOJ, but it could be another independent trustee. I believe this would provide acceptably good protection since someone would need to get a court order and then the cooperation of 3 agencies to get at your communications: the telecommunications provider (to get the bit stream), the first trustee (to get the encrypted key), and the second to decrypt it. Experience with the telecom providers has been that they are very fussy about court orders -- you have to get the semicolons right! You can get even more security by using Silvio Micali's "fair public-key cryptosystem" approach. Called "fair" because it is designed to strike a balance between the needs of the Government and those of the citizens. With his approach, you would break your key up into 5 parts and give it to different trustees. All 5 parts are needed to reassemble it, but it is possible to veryify the parts individually and as a whole without putting them together -- ingenious! He presented this at CRYPTO '92. 4. Someone suggested that law enforcement routinely taps without court order. This is an ungrounded claim for which I have never seen any evidence. Regardless, their ability to do this is disappearing with the new digital based technologies. They need the help of the service providers, who in turn ask for court orders. Court orders are not all that easy to get as law enforcers have to document why other approaches have failed etc. 5. Many people have noted that you could not enforce key registration. They may be right, but I am not throwing in the towel yet. Let's take phones, which is what law enforcers are most interested in. Products are emerging that you can attach to your phone and that will do DES encryption. Criminals and everyone else are most likely to use commercial products -- easiest to get and cheapest. The products could be designed so key registration would essentially be part of the sales process. There can be social benefit to government regulation even when regulation is not 100% successful. None of our laws prevent the acts they outlaw. But this does not mean we should get rid of all laws. 6. Some people have said we should not give up our privacy to the government. But the constitution does not give us absolute privacy. We are protected from unreasonable searches and seizures, but not reasonable ones in response to "probable cause" of crime. In all areas of our lives, the government can invade our privacy if they have good reason to believe we are engaged in major criminal activity. They can break into our homes, our safes, and so on. Do we really want a society where electronic communications cannot ever be broken when there is good reason to believe some major threat against society is being planned? Thank you for your comments and for encouraging those on the other news groups to move over to sci.crypt. I'll try to keep up with this newsgroup and respond to other comments if appropriate, but I honestly can't track them all. Dorothy Denning denning@cs.georgetown.edu (posting from guvax) ---------------------------------------------------------------------- ;Date 28 Oct 92 19:31:44 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: (fwd) Registering "Assault Keys" Options: kill-sent private ;Status: recv'd (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) To: cypherpunks@toad.com Date: Wed, 28 Oct 92 16:08:09 PST Cc: tcmay@netcom.com (Timothy C. May) Cypherpunks, Things have gotten truly exciting. The posting I made alerting sci.crypt readers to the plans of the Crypto Establishment has generated something close to a hundred responses! And lots of private mail for me (moral support, questions, etc.). Dorothy Denning, in what writer correctly called a "spirited defense" of her proposal, acknowledged the truth of my posting and then went on to embellish her plan. I urge you all to read her well-written comments, if only to see how the Establishment views crypto technology. Several members of this list have also written cogent comments. My latest article is included below, for those of you who may not have Net access. Newsgroups: sci.crypt,comp.org.eff.talk,alt.privacy,talk.politics.guns Path: netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) Subject: Registering "Assault Keys" Message-ID: <1992Oct28.235027.28039@netcom.com> Organization: Netcom - Online Communication Services (408 241-9760 guest) X-Newsreader: Tin 1.1 PL5 Date: Wed, 28 Oct 1992 23:50:27 GMT Registering "Assault Keys" -- How the Proposal to Register Encryption Keys Has Ominous Parallels to Gun Control The recent proposal that encryption keys be registered with the government has some natural and terrifying implications. (For those to whom this proposal is new, strange, or disturbing, please see the debate raging mainly in the newsgroup "sci.crypt".) Once the principle is established that private communications, letters, faxes, modem transmissions, etc. must be in a form readable--under court order, as Dorothy Denning's proposal goes--by the government, and that "public key encryption" keys must be registered with the authorities, then we can expect the following: * _Classes_ of encryption keys, with some especially strong (in a cryptograhic sense) keys being declared "assault keys," just as certain classes of semiautomatic rifles have been branded "assault weapons" and subjected to media villification and even confiscation by the authorities. In analogy with firearms, there may be "Class 1" dealers in "dangerous" keys. * There may even be _bans_ on the registration (and hence use) of certain classes of algorithms and key lengths. For example, "civilians" may be allowed to use DES, but not RSA. Or the key length may be restricted in various ways. * Strict controls over the types of algorithms allowed. After all, what use will a key be if the government can't run the algorithm? This, by the way, will be another way to control the spread of encryption technology: if only licensed, inspected, and approved algorithms are acceptable to the key registration authorities, innovation and experimentation will suffer. This may make RSA Data Security, Inc., very happy, as it may get the "franchise," while users of bootleg/contraband/experimental algorithms like PGP 2.0 ("Pretty Good Privacy") face severe sanctions. * Spot checks will have to be done to ensure compliance. This may be done in various ways, such as by randomly checking bitstreams and demanding the sender open the message. (Note: Many have posted that this would not be possible. Untrue. The Rehnquist Supreme Court ruled a couple of years ago that the police could enter a bus and ask the passengers to "voluntarily" accept a search of their baggage. Failure to volunteer, so reasoned the court, constituted probable cause for a search! "Catch-22" meets "1984.") * The penalties for noncompliance, or for hiding encrypted messages inside other messages, will likely be severe, else widespread civil disobedience and claims of "ignorance" will result. (Personally, I _expect_ widespread noncompliance. Many people will even flaunt their noncompliance, encrypting truly innocuous messages that few courts, they will hope, will convict them for. Here in California, the noncompliance rate for registration of those evil "assault weapons" is estimated to be as high as 80%.) (My best guess is that the "RICO" (Racketeer-Influenced and Corrupt Organizations Act) and civil forfeiture approaches will be used to simply seize the equipment of anyonone caught sending messages without the suitable seals of approval. Such seizures, used with suspected gun sellers, suspected X-rated video sellers, suspected drug dealers. and so on, have had a profoundly chilling effect.) * A registration system, even if well-intentioned and secured against casual government snooping (and some of the multi-party escrow systems may help do this), will still _greatly complicate_ the use of encryption and will forestall certain very exciting applications of cryptology. Many of the new proposals, for things like anonymous credentials to protect privacy, for digital cash, and for cryptographic voting systems, essentially require the _dynamic_ generation of keys! That is, keys are generated frequently as part of the protocols...there is not single static "public key" that one generates once and then takes down to the crypto equivalent of the DMV for registration. * As with guns, true criminals will of course ignore these laws. Computer networks are already being used for messages that evade wiretaps (as one example, a Mafia guy in New Jersey, on the run, used a well-known computer service to communicate untraceably with his wife), that are used for laundering information and money, and so on. Taking encryption away from citizens will do nothing. I urge readers to get involved in this debate. "If encryption is outlawed, only outlaws--and the NSA--will have encryption." -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement. ;Date 28 Oct 92 19:31:52 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: National Security Agency Options: kill-sent private ;Status: recv'd (read 2 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) To: cypherpunks@toad.com Date: Wed, 28 Oct 92 18:39:52 PST Cc: tcmay@netcom.com (Timothy C. May) Cypherpunks of the world, encrypt! Enclosed below is a posting I made to debunk Denning's claim that the proposed key registration is needed to thwart criminals. P.S. I still need more comments on how the Hackers session on crypto should go. I've gotten some good private e-mail, but little debate here on the list itself. --Tim Newsgroups: sci.crypt,comp.org.eff.talk,alt.conspiracy Path: netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) Subject: Re: A Trial Balloon on Registered Keys Message-ID: <1992Oct29.022842.8177@netcom.com> Organization: Netcom - Online Communication Services (408 241-9760 guest) X-Newsreader: Tin 1.1 PL5 References: <1992Oct28.214920.15601@tessi.com> Date: Thu, 29 Oct 1992 02:28:42 GMT Some comments about the National Security Agency (NSA) and why it wants to restrict wide use of encryption. George Mitchell (george@tessi.com) wrote: : Now it's my turn to go out on a limb. I believe that all the parti- : cipants in this discussion would agree that: When the Government : can show, through legitimately obtained evidence, that a particular : encrypted communication relates to a crime, then they can, after : the fact, subpoena the plaintext of that communication. What : most of us object to is having to yield the keys before the fact. Agreed. The current procedure for subpoenaing documents works fairly well. But Prof. Denning's comments clearly indicate the concern is with catching terrorists, kidnappers, subversives, and other such types _in the planning stage_. That is, wiretapping and surveillance. And I'll got out on a limb, too. My suspicion, and that of many others, is that the case of the FBI catching terrorists before the act in the U.S. (and there's a well-known case of a Japanese Red Army terrorist caught in the Midwest several years ago) reveals the sources the FBI uses. The NSA is the likely source. Only the NSA listening in on millions of telephone conversations (not banned by any law...the laws you hear about on wiretapping and surveillance mostly deal with the FBI, law enforcement, and, supposedly, the CIA. The NSA is almost completely exempt from such laws.). If you haven't yet read James Bamford's "The Puzzle Palace," run out and get a copy and read it. You'll see why former DIRNSA General Odom called Bamford "an unindicted felon." (Why in the eyes of the National Security Establishment, that is.) SIGINT OPERATION MINARET, begun in 1969 when Nixon declared the "War on Drugs," brought the NSA together with the FBI, CIA, BNDD (Bureau of Narcotics and Dangerous Drugs, precursor to DEA) to launch a series of new surveillance programs. In May 1970 the NSA extended routine surveillance to _pay phones_ in suspect areas (sound familiar, with the Digital Telephony Bill?). The release of the Pentagon Papers in 1971 revealed the extent of FBI and NSA elsur (electronic surveillance) on U.S. citizens. OPERATION SHAMROCK goes back even further. Beginning in 1945, the FBI and NSA (its precursors, actually, such as Army Signal Corps, etc.) cooperated to monitor dissidents, radicals, authors, etc. It was not until October 1973 that about-to-be-fired Attorney General Elliot Richardson (now fighting for INSLAW in a very similar case, which Prof. Denning ought to read about) ordered the FBI and the CIA's "Security Service" (aptly named SS) to stop requesting NSA surveillance material. In 1977 the Justice Department recommended against prosecution of the FBI and NSA employees engaged in Shamrock and Minaret. Few Americans understand how pervasive is the NSA's listening system. COINTELPRO, Huston Plan, RCA Global (provided copied of all telegrams for 40 years!), FINCEN, and so many other keywords! Huge antennas in West Virginia, in Idaho, and elsewhere (mostly located near major satellite downlinks). Read Bamford's book. Then be afraid....be _very_ afraid. Understand that there are virtually no laws governing the NSA's surveillance of fax machines, modems, the Internet (including all of these postings, obviously), voice phones, telex and TWX, and on and on. Because of the "national security" role, wide lattitude is given. No doubt some criminal plans are uncovered. The NSA detected, it has been admitted, the planned bombing of the Berlin discotheque that led to the '86 raid on Libya. (However, the bombing still occurred...draw your own conclusions.) But is it worth the price? Now there is talk of using the NSA's formidable listening abilities for economic espionage against our economic opponents! Is it any wonder the NSA is scared sh..less over the spread of secure and untappable communications systems? Be afraid, be _very_ afraid. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement. ;Date 25 Oct 92 19:14:38 From: Uucp@1:125/555 To: Tom Jennings@1:125/111 Subject: Registering Keys with Big Brother Options: kill-sent private ;Status: recv'd (read 9 times) ;INTL 1:125/111 1:125/555 >----------------------- Do not change this line -----------------------------< From kumr!netcom.com!tcmay From: tcmay@netcom.com (Timothy C. May) To: cypherpunks@toad.com Date: Sun, 25 Oct 92 19:09:34 PDT Cc: tcmay@netcom.com (Timothy C. May) Arise, cypherpunks, evil plans are brewing in the bowels of the Beast! I just read a summary of influential crypto guru Dorothy Denning's talk at the recent 15th National Computer Security Conference (held in Baltimore, don't you know, so con-vee-nient to Fort Meade). See the recent RISKS articles in comp.risks (esp. 13.86). Since RISKS is copyrighted, and we wouldn't to do anything to make the lawscums unhappy, I'll summarize: * Denning proposes that anyone using public key encryption over public networks be required to register their private keys with, for example, the Justice Department. * To avoid the risks of someone else getting the key, she suggests the private keys could be encrypted with the _public key_ of Justice, and then held by an independent agency. (Ostensibly, the encryption and registration could be done by the user himself, though some means of verifying compliance would have to be devised.) * To make use of the private key (for example, to read e-mail encrypted with the key), the government would have to get a court order, present it to the independent agency, take the key back to Justice, decrypt it with the private key of Justice, and then proceed with their surveillance and whatnot. This is ostensibly like the procedure for wiretapping. However, it would screw up the use of encryption in many ways. Registering a key would precluded frequent key changes, would probably cost some fee (on the order of $50, like a driver's license, I'd guess), and would of course greatly complicate the use of digital pseudonyms and all the other neat stuff we've talked about (but which caution tells me not to discuss here on an open and unsecured list...you can check my .sig to see where I stand, of course). My hunch is that Denning and the other "quaint" (cf. Sterling's "The Hacker Crackdown" for a description of how the crypto bigwigs interact with hackers at CFP and elsewhere) cryptheads have alerted the government to the _real_ threat of cryto tools. Position papers are being released as trial balloons, to prepare the way for a "Crypto Crackdown." I hope I'm wrong. We need more information. Let's talk to someone who went to this conference and get the Proceedings as quickly as possible. Cryptically Yours, --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.