;Date      27 Oct 92 17:22:28
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   Threat to our privacy
Options:   kill-sent private 
;Status:   recv'd (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!shearson.com!pmetzger
From: pmetzger@shearson.com (Perry E. Metzger)
To:   cypherpunks@toad.com
Date: Tue, 27 Oct 92 18:46:26 EST

For Cypherpunks: A copy of mail I just sent to...
       libernet@dartmouth.edu, extropians@gnu.ai.mit.edu,
       prz@sage.cgd.ucar.edu, mike@eff.org, mkapor@eff.org


[This is being sent out to a wide audiance. If you receive this, its
because 

My friends, its rare of me to try to encourage panic. Occassionally,
however, by panicing early we can avert a disaster later on.

Risks, an internet mailing list, reported about a week ago on a
proposal by Dr. Dorothy Denning, one of the most prominent people in
the field of cryptography, that copies of all private encryption keys
associated with public key cryptographic systems be held, effectively
by the government, to permit them to read people's encrypted messages
to each other. Naturally, such invasions of privacy will only be
permitted "when a warrant is produced". It has been suggested that
this idea might be taken up by several government agencies for
"review".

Many have noted that the dawning of cheap and effective cryptographic
systems could spell the end of the ability of governments to invade
people's privacy. Unfortunately, it appears that the government and
its cronies have also realized this, and intend to take preemptive
action. Our notion of civil rights has decayed so far that it is now
considered a citizen's duty to not merely be quiet while he is
enslaved but to actively cooperate with his own enslavement. Not
merely must we put up with the indignity of the government being
granted the right to read our papers and communications to each other,
not merely has the FBI attempted to get legislation passed to make
phone companies give them easier access to tap phone lines under color
of "maintaining the current capability in the presense of new
technology", but now it is suggested that we ordinary citizens must
personally cooperate to make it easier for them to read our
communications. We will be branded criminals if we fail to cooperate,
presuming that ideas like this are enacted.

It is crucial that the fiends proposing this be convinced that
resistance will be too high to implement their plan. It is crucial
that before they can even propose legislation that the threat here be
brought to the attention of the news media. If the currently proposed
FBI legislation were passed, a dictatorial government would have all
the tools it would need to tap all the phones in the country -- the
only thing restraining that behavior would be a system of warrants
that could disappear with a mere change in attitude. If Denning's more
serious and sinister idea were proposed for future enactment as
legislation (this has not yet been proposed), it would become
impossible for individuals to take any action to protect their own
communications privacy from a dictatorial regime, even ignoring the
question of abuses that could occur right now. I'm convinced that the
only thing that prevented the FBI bill from passing this year was the
fact that media attention was brought to bear. Its important that this
new proposal be exposed to similar sunshine. Far be it for me to
suggest restraint of free speech, but I would like to see people
think of making such suggestions as having the social acceptability of
calling a black person "nigger".

Here, for reference, is a copy of an article Dr. Denning just posted
to sci.crypt on usenet.

I encourage people, rather than discussing this matter on libernet or
extropians, to discuss this on sci.crypt where the topic is just
breaking.

Perry Metzger

----------------------------------------------------------------------

Article 6275 of sci.crypt:
Path: shearson.com!uunet!uunet!think.com!sdd.h
p.com!zaphod.mps.ohio-state.edu!darwin.s
ura.net!guvax.acc.georgetown.edu!denning
From: denning@guvax.acc.georgetown.edu
Newsgroups: sci.crypt
Subject: Re: A Trial Balloon on Registered Keys
Message-ID: <1992Oct27.143737.1574@guvax.acc.georgetown.edu>
Date: 27 Oct 92 14:37:37 -0500
Distribution: world
Organization: Georgetown University
Lines: 94

The posting about the proposal I made at the NCSC for key registration
is essentially correct.  Let me add to it the following:

1.  The government is not taking any action to curb crypto and is 
unlikely to take any such action in the near future.  No proposal has
been made and no government agency that I am aware of has plans to
make such a proposal. The closest we've had to a proposal was a "Sense
of Congress" resolution in Senate Bill 266 over a year ago.  This 
would not have mandated anything, but said it was the sense of 
Congress that service providers should provide accesss to the 
plaintext of encrypted communications under a court order.  It got a lot of 
opposition and was withdrawn.  Thus, don't panic folks -- this was just me
making a suggestion.  I didn't realize I had that much clout to cause
such a stir and call to arms!  I expect that the next step will be government 
sponsored discussions about crypto policy, probably sponsored by NIST,
at the recommendation of the Computer System Security Advisory Board
headed by Willis Ware.  That will provide a forum to work through these 
issues.  

2.  The reason I made the proposal is because I am concerned that we
may be facing a major crisis in law enforcement.  I expect many of
you will say "that's wonderful" but I don't see it that way.  
Electronic surveillance has been an essential tool in preventing 
serious crimes such as terrorist attacks and destabilizing organized crime.
The economic benefits alone are estimated to be in the billions.  This
issue is not about snooping on innocent citizens but about doing what
we can do prevent major crimes that could seriously disrupt other
liberties.  The problem is likely to get even worse if criminals know
they use the telecommunications systems without any chance of getting
caught.

3.  My proposal was to register your private key with a trustee, 
different from the government.  The key would be encrypted under some
other public key so the trustee couldn't decrypt it.  I have suggested
it be the key of the DOJ, but it could be another independent trustee.
I believe this would provide acceptably good protection since someone
would need to get a court order and then the cooperation of 3 agencies
to get at your communications: the telecommunications provider (to get
the bit stream), the first trustee (to get the encrypted key), and
the second to decrypt it.  Experience with the telecom providers has
been that they are very fussy about court orders -- you have to get
the semicolons right!

You can get even more security by using Silvio Micali's "fair 
public-key cryptosystem" approach.  Called "fair" because it is 
designed to strike a balance between the needs of the Government and
those of the citizens.  With his approach, you would break your key
up into 5 parts and give it to different trustees.  All 5 parts
are needed to reassemble it, but it is possible to veryify the parts
individually and as a whole without putting them together -- 
ingenious!  He presented this at CRYPTO '92. 

4.  Someone suggested that law enforcement routinely taps without
court order.  This is an ungrounded claim for which I have never
seen any evidence.  Regardless, their ability to do this is 
disappearing with the new digital based technologies.  They need the
help of the service providers, who in turn ask for court orders.
Court orders are not all that easy to get as law enforcers have to
document why other approaches have failed etc.

5.  Many people have noted that you could not enforce key 
registration.  They may be right, but I am not throwing in the towel
yet.  Let's take phones, which is what law enforcers are most 
interested in.  Products are emerging that you can attach to your
phone and that will do DES encryption.  Criminals and everyone
else are most likely to use commercial products -- easiest to
get and cheapest.  The products could be designed so key registration
would essentially be part of the sales process.

There can be social benefit to government regulation even when 
regulation is not 100% successful.  None of our laws prevent the
acts they outlaw.  But this does not mean we should get rid of
all laws.  

6.  Some people have said we should not give up our privacy to the
government.  But the constitution does not give us absolute privacy.
We are protected from unreasonable searches and seizures, but not
reasonable ones in response to "probable cause" of crime.  In all
areas of our lives, the government can invade our privacy if they
have good reason to believe we are engaged in major criminal activity.
They can break into our homes, our safes, and so on.  Do we really
want a society where electronic communications cannot ever be broken
when there is good reason to believe some major threat against society
is being planned?  

Thank you for your comments and for encouraging those on the other
news groups to move over to sci.crypt.  I'll try to keep up with
this newsgroup and respond to other comments if appropriate, but
I honestly can't track them all.

Dorothy Denning
denning@cs.georgetown.edu (posting from guvax)




----------------------------------------------------------------------

;Date      28 Oct 92 19:31:44
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   (fwd) Registering "Assault Keys"
Options:   kill-sent private 
;Status:   recv'd (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!netcom.com!tcmay
From: tcmay@netcom.com (Timothy C. May)
To:   cypherpunks@toad.com
Date: Wed, 28 Oct 92 16:08:09 PST
Cc:   tcmay@netcom.com (Timothy C. May)


Cypherpunks,

Things have gotten truly exciting. The posting I made alerting
sci.crypt readers to the plans of the Crypto Establishment has
generated something close to a hundred responses! And lots of private
mail for me (moral support, questions, etc.).

Dorothy Denning, in what writer correctly called a "spirited defense"
of her proposal, acknowledged the truth of my posting and then went on
to embellish her plan. I urge you all to read her well-written
comments, if only to see how the Establishment views crypto
technology.

Several members of this list have also written cogent comments.

My latest article is included below, for those of you who may not have
Net access.


Newsgroups: sci.crypt,comp.org.eff.talk,alt.privacy,talk.politics.guns
Path: netcom.com!tcmay
From: tcmay@netcom.com (Timothy C. May)
Subject: Registering "Assault Keys"
Message-ID: <1992Oct28.235027.28039@netcom.com>
Organization: Netcom - Online Communication Services  (408 241-9760 guest) 
X-Newsreader: Tin 1.1 PL5
Date: Wed, 28 Oct 1992 23:50:27 GMT


Registering "Assault Keys" -- How the Proposal to Register Encryption
Keys Has Ominous Parallels to Gun Control


The recent proposal that encryption keys be registered with the
government has some natural and terrifying implications. (For those to
whom this proposal is new, strange, or disturbing, please see the
debate raging mainly in the newsgroup "sci.crypt".)

Once the principle is established that private communications,
letters, faxes, modem transmissions, etc. must be in a form
readable--under court order, as Dorothy Denning's proposal goes--by
the government, and that "public key encryption" keys must be
registered with the authorities, then we can expect the following:

* _Classes_ of encryption keys, with some especially strong (in a
cryptograhic sense) keys being declared "assault keys," just as
certain classes of semiautomatic rifles have been branded "assault
weapons" and subjected to media villification and even confiscation by
the authorities. In analogy with firearms, there may be "Class 1"
dealers in "dangerous" keys.

* There may even be _bans_ on the registration (and hence use) of
certain classes of algorithms and key lengths. For example,
"civilians" may be allowed to use DES, but not RSA. Or the key length
may be restricted in various ways.

* Strict controls over the types of algorithms allowed. After all,
what use will a key be if the government can't run the algorithm?
This, by the way, will be another way to control the spread of
encryption technology: if only licensed, inspected, and approved
algorithms are acceptable to the key registration authorities,
innovation and experimentation will suffer. This may make RSA Data
Security, Inc., very happy, as it may get the "franchise," while users
of bootleg/contraband/experimental algorithms like PGP 2.0 ("Pretty
Good Privacy") face severe sanctions.

* Spot checks will have to be done to ensure compliance. This may be
done in various ways, such as by randomly checking bitstreams and
demanding the sender open the message. (Note: Many have posted that
this would not be possible. Untrue. The Rehnquist Supreme Court ruled
a couple of years ago that the police could enter a bus and ask the
passengers to "voluntarily" accept a search of their baggage. Failure
to volunteer, so reasoned the court, constituted probable cause for a
search! "Catch-22" meets "1984.")

* The penalties for noncompliance, or for hiding encrypted messages
inside other messages, will likely be severe, else widespread civil
disobedience and claims of "ignorance" will result. (Personally, I
_expect_ widespread noncompliance. Many people will even flaunt their
noncompliance, encrypting truly innocuous messages that few courts,
they will hope, will convict them for. Here in California, the
noncompliance rate for registration of those evil "assault weapons" is
estimated to be as high as 80%.)

(My best guess is that the "RICO" (Racketeer-Influenced and Corrupt
Organizations Act) and civil forfeiture approaches will be used to
simply seize the equipment of anyonone caught sending messages without
the suitable seals of approval. Such seizures, used with suspected gun
sellers, suspected X-rated video sellers, suspected drug dealers. and
so on, have had a profoundly chilling effect.)

* A registration system, even if well-intentioned and secured against
casual government snooping (and some of the multi-party escrow systems
may help do this), will still _greatly complicate_ the use of encryption
and will forestall certain very exciting applications of cryptology.
Many of the new proposals, for things like anonymous credentials to
protect privacy, for digital cash, and for cryptographic voting
systems, essentially require the _dynamic_ generation of keys! That
is, keys are generated frequently as part of the protocols...there is
not single static "public key" that one generates once and then takes
down to the crypto equivalent of the DMV for registration.

* As with guns, true criminals will of course ignore these laws.
Computer networks are already being used for messages that evade
wiretaps (as one example, a Mafia guy in New Jersey, on the run, used a
well-known computer service to communicate untraceably with his wife),
that are used for laundering information and money, and so on. Taking
encryption away from citizens will do nothing.


I urge readers to get involved in this debate.


"If encryption is outlawed, only outlaws--and the NSA--will have encryption."



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.


;Date      28 Oct 92 19:31:52
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   National Security Agency
Options:   kill-sent private 
;Status:   recv'd (read 2 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!netcom.com!tcmay
From: tcmay@netcom.com (Timothy C. May)
To:   cypherpunks@toad.com
Date: Wed, 28 Oct 92 18:39:52 PST
Cc:   tcmay@netcom.com (Timothy C. May)

Cypherpunks of the world, encrypt!

Enclosed below is a posting I made to debunk Denning's claim that the
proposed key registration is needed to thwart criminals.

P.S. I still need more comments on how the Hackers session on crypto
should go. I've gotten some good private e-mail, but little debate
here on the list itself.

--Tim


Newsgroups: sci.crypt,comp.org.eff.talk,alt.conspiracy
Path: netcom.com!tcmay
From: tcmay@netcom.com (Timothy C. May)
Subject: Re: A Trial Balloon on Registered Keys
Message-ID: <1992Oct29.022842.8177@netcom.com>
Organization: Netcom - Online Communication Services  (408 241-9760 guest) 
X-Newsreader: Tin 1.1 PL5
References: <1992Oct28.214920.15601@tessi.com>
Date: Thu, 29 Oct 1992 02:28:42 GMT

Some comments about the National Security Agency (NSA) and why it
wants to restrict wide use of encryption.

George Mitchell (george@tessi.com) wrote:

: Now it's my turn to go out on a limb.  I believe that all the parti-
: cipants in this discussion would agree that: When the Government
: can show, through legitimately obtained evidence, that a particular
: encrypted communication relates to a crime, then they can, after
: the fact, subpoena the plaintext of that communication.  What
: most of us object to is having to yield the keys before the fact.

Agreed. The current procedure for subpoenaing documents works fairly
well.

But Prof. Denning's comments clearly indicate the concern is with
catching terrorists, kidnappers, subversives, and other such types _in
the planning stage_. That is, wiretapping and surveillance.

And I'll got out on a limb, too. My suspicion, and that of many
others, is that the case of the FBI catching terrorists before the act
in the U.S. (and there's a well-known case of a Japanese Red Army
terrorist caught in the Midwest several years ago) reveals the sources
the FBI uses. The NSA is the likely source. Only the NSA listening in
on millions of telephone conversations (not banned by any law...the
laws you hear about on wiretapping and surveillance mostly deal with
the FBI, law enforcement, and, supposedly, the CIA. The NSA is almost
completely exempt from such laws.).

If you haven't yet read James Bamford's "The Puzzle Palace," run out
and get a copy and read it. You'll see why former DIRNSA General Odom
called Bamford "an unindicted felon." (Why in the eyes of the National
Security Establishment, that is.)

SIGINT OPERATION MINARET, begun in 1969 when Nixon declared the "War
on Drugs," brought the NSA together with the FBI, CIA, BNDD (Bureau of
Narcotics and Dangerous Drugs, precursor to DEA) to launch a series of
new surveillance programs. In May 1970 the NSA extended routine
surveillance to _pay phones_ in suspect areas (sound familiar, with
the Digital Telephony Bill?). The release of the Pentagon Papers in
1971 revealed the extent of FBI and NSA elsur (electronic
surveillance) on U.S. citizens.

OPERATION SHAMROCK goes back even further. Beginning in 1945, the FBI
and NSA (its precursors, actually, such as Army Signal Corps, etc.)
cooperated to monitor dissidents, radicals, authors, etc. It was not
until October 1973 that about-to-be-fired Attorney General Elliot
Richardson (now fighting for INSLAW in a very similar case, which
Prof. Denning ought to read about) ordered the FBI and the CIA's
"Security Service" (aptly named SS) to stop requesting NSA
surveillance material. In 1977 the Justice Department recommended
against prosecution of the FBI and NSA employees engaged in Shamrock
and Minaret.

Few Americans understand how pervasive is the NSA's listening system.
COINTELPRO, Huston Plan, RCA Global (provided copied of all telegrams
for 40 years!), FINCEN, and so many other keywords! Huge antennas in
West Virginia, in Idaho, and elsewhere (mostly located near major
satellite downlinks). Read Bamford's book. Then be afraid....be _very_
afraid.

Understand that there are virtually no laws governing the NSA's
surveillance of fax machines, modems, the Internet (including all of
these postings, obviously), voice phones, telex and TWX, and on and
on. Because of the "national security" role, wide lattitude is given. 

No doubt some criminal plans are uncovered. The NSA detected, it has
been admitted, the planned bombing of the Berlin discotheque that led to
the '86 raid on Libya. (However, the bombing still occurred...draw your
own conclusions.) But is it worth the price?

Now there is talk of using the NSA's formidable listening abilities
for economic espionage against our economic opponents! 

Is it any wonder the NSA is scared sh..less over the spread of secure
and untappable communications systems?

Be afraid, be _very_ afraid.
-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.


;Date      25 Oct 92 19:14:38
From:      Uucp@1:125/555
To:        Tom Jennings@1:125/111
Subject:   Registering Keys with Big Brother
Options:   kill-sent private 
;Status:   recv'd (read 9 times)
;INTL 1:125/111 1:125/555
>----------------------- Do not change this line -----------------------------<
From  kumr!netcom.com!tcmay
From: tcmay@netcom.com (Timothy C. May)
To:   cypherpunks@toad.com
Date: Sun, 25 Oct 92 19:09:34 PDT
Cc:   tcmay@netcom.com (Timothy C. May)


Arise, cypherpunks, evil plans are brewing in the bowels of the Beast!

I just read a summary of influential crypto guru Dorothy Denning's
talk at the recent 15th National Computer Security Conference (held in
Baltimore, don't you know, so con-vee-nient to Fort Meade). See the
recent RISKS articles in comp.risks (esp. 13.86). 

Since RISKS is copyrighted, and we wouldn't to do anything to make the
lawscums unhappy, I'll summarize:

* Denning proposes that anyone using public key encryption over public
networks be required to register their private keys with, for example,
the Justice Department.
* To avoid the risks of someone else getting the key, she suggests the
private keys could be encrypted with the _public key_ of Justice, and
then held by an independent agency. (Ostensibly, the encryption and
registration could be done by the user himself, though some means of
verifying compliance would have to be devised.)
* To make use of the private key (for example, to read e-mail
encrypted with the key), the government would have to get a court
order, present it to the independent agency, take the key back to
Justice, decrypt it with the private key of Justice, and then proceed
with their surveillance and whatnot.

This is ostensibly like the procedure for wiretapping.

However, it would screw up the use of encryption in many ways.
Registering a key would precluded frequent key changes, would probably
cost some fee (on the order of $50, like a driver's license, I'd
guess), and would of course greatly complicate the use of digital
pseudonyms and all the other neat stuff we've talked about (but which
caution tells me not to discuss here on an open and unsecured
list...you can check my .sig to see where I stand, of course).

My hunch is that Denning and the other "quaint" (cf. Sterling's "The
Hacker Crackdown" for a description of how the crypto bigwigs interact
with hackers at CFP and elsewhere) cryptheads have alerted the
government to the _real_ threat of cryto tools. Position papers are
being released as trial balloons, to prepare the way for a "Crypto
Crackdown."

I hope I'm wrong. We need more information. Let's talk to someone who
went to this conference and get the Proceedings as quickly as
possible.

Cryptically Yours,

--Tim

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.


