[455] in cryptography@c2.net mail archive
Re: Clintons new crypto regs
daemon@ATHENA.MIT.EDU (Declan McCullagh)
Tue Apr 1 21:11:52 1997
In-Reply-To: <333B12B2.3932@mail.idt.net>
Date: Tue, 1 Apr 1997 18:34:49 -0500
To: cryptography@c2.net
From: Declan McCullagh <declan@well.com>
At 7:37 PM -0500 3/27/97, jay holovacs wrote:
>By now many of you may have seen the draft of Clinton's proposed
>key escrow program (http://www.cdt.org/crypto/admin_397_draft.html).
>While the bill *claims* to be voluntary, it has a number of very
>frightening features, and is probably just a first step toward domestic
>government crypto control.
Excellent points. I've attached my observations of a week ago. I posted
this an hour after I first read the draft, so they're not very reflective,
but perhaps may be useful nonetheless.
-Declan
************
Date: Wed, 26 Mar 1997 14:48:41 -0500
To: fight-censorship-announce@vorlon.mit.edu
From: Declan McCullagh <declan@well.com>
Subject: FC: White House proposes controls on domestic crypto
Sender: owner-fight-censorship-announce@vorlon.mit.edu
X-FC-URL: Fight-Censorship is at http://www.eff.org/~declan/fc/
CDT deserves our thanks for making the text of the White House's
proposed crypto-bill available.
This legislation says that you only can play in the online
commerce game (are you are who you say you are?) if you hand
over a copy of your private key: "to allow lawful recovery of
the plaintext of that person's encrypted data and
communications." Or, perhaps, if you make other acceptable
"arrangements," which presumably include self-escrow by large,
approved firms.
My first take on the legislation is simple: why should the U.S.
government be in the business of setting up any kind of key
escrow framework? As CDT says, the bottom line is: GUARANTEED
GOVERNMENT ACCESS to your most confidential writings, documents,
and ideas.
The crypto debate includes few grey areas. Either your key is
escrowed or it isn't. Either we have export controls or we
don't. I've found the Clinton administration to be unwilling to
move as far as mandatory domestic key escrow -- allowing
government access to encrypted traffic -- so it's tried smaller
steps into the grey. Clipper was one. The "relaxed" export
controls last year and the shift to Commerce was another. So is
this. (I'd guess this bill is also the administration's way to
jumpstart the domestic key escrow industry through liability
caps.)
Perhaps most disturbingly, the current wording allows the Feds
to have access to your encryption keys without a court order:
"to a law enforcement or national security government agency
upon receipt of written authorization in a form to be specified
by the Attorney General."
Only written authorization? No court order? This would take us
back to the 1970s when the attorney general issued wiretap
orders without court approval, when the Nixon administration
used the FBI to spy on its political enemies and civil rights
leaders, when the FBI was best known for its "black bag jobs,"
burglaries, and illegal bugging.
Speaking at a Cato Institute forum yesterday, the ACLU's Barry
Steinhardt had it right: "We have to recognize we have histories
of abuses in this country of wiretapping for political
purposes." Now the Clinton administration wants the power to do
the same with encryption.
-Declan
-------------------------
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/
