A. Michael Froomkin: Morning. Welcome. Congratulations on getting up so early. I always manage to get the dean not to give me morning classes, but Carey managed to do what the dean couldn’t.
We have an extraordinarily distinguished panel today. I think none of these people need introduction, so what I’m going to do is give tiny little introductions just before their turns to speak [on the stage?]. As more people drift in they’ll want to know who the particular speaker is. Right now I’ll just say I suspect part of the reason for the turnout today is we have not one, not two, but three current or former NSA personnel here on this panel. And of course even better than that, four lawyers. Thank you. Thank you.
I think I should explain how this panel came to be, in particular how the topic came to be. I spent the past year writing a really long and probably quite boring paper on the Constitutional aspects of Clipper. There’s a transparency you could put up for me, please, I’ve got a URL and other ways of accessing it for those of you who are into that sort of thing. It’ll be up on the screen, no doubt, in second.
The paper’s in one sense incredibly parochial, because it’s about United States rules. And in thinking about what I could do to try to organize something that would sort of move the debate forward, my mind started to turn to the international aspects of secure communications. Because what came out to me from the Clipper debates were two things that everybody at least seemed to agree on. One is that in United States today at least, you have a free choice as to what kind of encryption you wan to use for domestic communications. And another is, nobody can figure out what possible incentive foreigners would have to use Clipper.
That means there’s a real problem about international secure communications, and we’ve got something to talk about. Now, the term “secure communications” in this context is obviously a contested term, because secure from what? You have to talk sometimes about a threat model. And in particular, you need to define whether or not various governments are part of your threat model or not. In an era when the FBI is telling American business that foreign governments, in particular the French, are one of the major threats they have to worry about, that has implications for how you might want to structure your communications. (Thank you for the sign.)
I’m told by the way that the PostScript file that’s currently on the server—our experimental temporary server that they kindly put up just for this conference—is in fact complete garbage. We’re working on that. They swear to me that by the end of the day we’ll have real PostScript—enough stuff that looks like PostScript, but isn’t. Worse than that; just…plain garbage.
So, here we are to talk about this problem. How do we do it? How do we talk securely with people abroad? And in particular what can we do…what’s feasible to do, to progress matters from where we are today? And with the help of some of the members of the panel, I drafted the three questions you’ll find in your book on page 150. Through some strange gremlin of typography, Tim May’s answers to those questions were printed as if they were either my or the panel’s answers and nobody—
Unknown Speaker: We hacked into the com—
Froomkin: —puter system. Something happened. Those are our joint questions, but they’re Tim’s answers and we shouldn’t rob him of the pride of authorship or attempt to associate them with anyone else who might not want that particular pride.
But for those of you who’ve managed to mislay your books already the questions are what’s the single biggest impediment to international secure communications? The second question is what’s the single feasible change that would most enhance international secure communications, and what will be the implementation path for that? And the third is how would you advise a friend or a client as to how to communicate securely today?
And in the interest of being provocative, let me just offer some sort of tentative answers to those three questions. I’m not entirely sure if I believe these 100% but I do believe them I think more than half. It’s the fear that I might believe these things which prompted me to try to assemble the experts we’ve got here today to try to give you better answers than the ones I was able to come up with myself. But here they are.
My answer to the first question of the single biggest impediment is not the ITAR. I’m actually sort of tired of ITAR bashing. Because you see the biggest impediment is foreign governments. Look what happened in Pakistan a week ago when they cut off the entire cell phone network because they couldn’t eavesdrop on the cell phones. That wouldn’t—probably—happen here. We just get Digital Telephony. It’s quite a different procedure. And you know, you look at the French government, the English government, the Singaporean government. And it seems to me that in fact if the ITAR were to disappear tomorrow, you would have as great or worse problems caused by foreign governments trying to prevent totally secure communications.
My answer to the biggest feasible thing you could do is simply buy foreign crypto and import it to the United States. Seems to me that that’s a very feasible way to get secure communications today. Indeed I hear last night a gentleman from Motorola saying that’s what they’re doing.
And how would I advise someone to communicate? Well, if you’re in a situation where you’re communicating between two countries where they allow you to use strong foreign‐purchased crypto that’s the thing to do. And if you’re dealing with a country like Pakistan, where that’s not allowed, there’s only one thing you can do: go in person, and go to a restaurant where you don’t have reservations. Or send a courier you trust with something written on paper.
With that I’m going to turn it over to the first of our several experts. In the interest of brevity I’ve asked each person to allow me to rob them of their distinguished resumes and just announce their current affiliations and one other fact about them.
Stewart Baker’s current affiliation is a partner at Steptoe & Johnson, a law firm in Washington DC. He was formerly the General Counsel of the NSA and he’s well‐known to CFP. And he will now bring his expertise to bear on these questions.
Stewart Baker: Thanks Michael. I think this’ll probably be the last time that I speak to you, because the MIT organizers of the event approached me last night and told me that they had decided it would be both more direct and probably raise more money if instead of speaking I just allowed them to set up a ten‐dollar‐a‐throw dunking booth. I’m gonna move quickly through the three questions, because we’ve each agreed to do this in about three to five minutes.
I think that Michael is probably right for the long run that the biggest restraint on the spread of cryptographic security will prove to be foreign governments. I have written a piece, which actually LA Times published a version of which is in the materials, which takes on a completely different look at these issues. Approaches it from a question of really is the net a proof against regulation? Is it somehow going to— I think I accused John Perry Barlow in one of our debates of being an Internet liberation theologian… Will the net set us free? And I think the answer is not. That foreign governments will prove much more aggressive and much more imaginative about regulating the net than we imagine here because in fact government and people share a lot of values in the United States that aren’t shared in other parts of the world. And so we will see much more aggressive regulation of encryption and the net generally in foreign lands than we see here.
For the short term I think that the restraints on cryptography have…probably could be ordered as one, lack of customer interest; and two, the ITARs. That Americans simply have have generally not chosen security if they had a tradeoff convenience or price for that. And you can see that in cellular phones, you can see that in portable phones, you can see that in computer systems.
I think that will change as digital commerce goes to the net. People are willing to put up with a lot of potential risk to their privacy, but losing money is a different thing, and when you create incentives for people to hack into computers that have dollar signs attached to them you’ll see a lot more of that going on. And so I think that we are probably now, although people have been saying this since Marconi invented the radio…we’re on the verge of widespread use of cryptography for individuals and businesses.
Policy changes. There’s an aspect that— As you all know, this cryptographic debate, it’s a lot like a bad marriage. People come to these conferences and say the same thing over and over again. Nobody seems much to come away persuaded. I think the one area…the one new idea that is ticking around in this area that has some prospect for creating common ground has to do with private key escrow. I don’t think there’s anybody who thinks that’s their first choice, but it serves some values for everyone involved. Phil Zimmerman was telling me he got a call from an executor of an estate who… He had used PGP to encrypt a bunch of files and the question was, “Well how can we find out what they say?” And answer was “you can’t.”
I think individuals will want to have a way to recover keys. Businesses, there’s been a whole process… You can trace the cryptographic debate running from a time when only NSA realized that there was a fundamental conflict between the importance of maintaining security and the importance of being able to undo it. To the FBI waking up to that problem. To I think businesses waking up. As they start to implement cryptography they realize that it won’t always be used by employees in the company’s interests. To individuals beginning to wonder whether they really want strong cryptography, and unbreakable cryptography, unrecoverable keys. That’s not our… I don’t think everybody’s interests there are identical, but at least it’s a new idea in the debate that’s really worth exploring.
Finally, on the advice that I would give to someone who wanted to have secure communications I’d give two answers. As a practical matter, I actually think that the easiest thing to do would be to use 40‐bit RC4. And I recognize that there are people who will say that it is trivial to break. I think those are probably not people who’ve tried to break it often.
And I guess I would say that you know, computer security guys generally measure themselves against Kevin Mitnick. It’s only the mathematicians who measure themselves against Fort Meade. And that results in a kind of skewing of the sense of what sort of security is necessary cryptographically compared to other things. The fact is, the only reason to use cryptography is to raise the cost of intercepting and decrypting your message above the cost of bribing your cleaning lady. And once you’ve done that, I think you’ve probably done as much as cryptography can do. It’s got to be part of a whole scheme for dealing with security. And there are many holes in people’s security that don’t have anything to do with cryptography, and my bet is that 40‐bit RC4 is probably the strongest part of almost anybody’s secure system. Thanks.
Froomkin: Thank you. Our next speaker is Phil Karn. Phil Karn, who asked me to emphasize this identification is only for identification purposes and he’s speaking for himself, is currently a staff engineer at Qualcomm. He’s also…not yet a plaintiff in a lawsuit that may soon be filed against the government that he’ll be telling us about.
Phil Karn: Okay, good morning. Thank you. I do appreciate this opportunity. As said in the introduction I am not a lawyer. I’m here as an engineer who is deeply concerned about privacy and security, and who over the last few years has been increasingly outraged by the government’s treatment of one particularly heroic person by the name of Phil Zimmerman, who has done probably more than anyone else to bring cryptography to the masses. [applause] And I think I’m here largely because of that outrage, and because of a case that I have started that was just mentioned that alludes to that. So first of all I’d like to answer the questions that were posed, and then talk about the case that I’m involved in.
First of all, I think I would still say that the answer to the first question, the biggest single impediment, is in fact US export controls. They’re absolutely absurd—but I have to qualify that answer. That answer applies only to the good guys, okay. The bad guys right now can go out and get a copy PGP anywhere they like and use it, and I’d be very surprised if they’re not, okay. So the answer to the first question posed to the panel really has to be qualified by whether or not this applies to the good guys or bad guys, ’cause only the good guys follow the laws anyway when it comes to this, because it’s so easy to break them without anything happening to you.
So answer to the second question is obvious: repeal US export controls on cryptography and stop harassing people who’re only trying to protect their own privacy.
The answer to the third question has to depend on something. It depends on whether or not I could be held criminally liable for my answer. I talked to a few attorneys who know export control. They tell me that I could actually be in violation of the ITARs, thrown in jail, for telling a foreigner where he could get a copy of PGP on a machine in his own country. That would be rendering technical advice related to a defense item, okay. I could be held criminally liable for that. So If I ever tell a client in Italy, let’s say, that you can go to this site in a new machine in Italy and pick up a copy of PGP I could be thrown in jail for that. So my answer would depend on whether I could be held criminally liable for what I say.
That’s obviously an absurd situation. But assuming that I will not be held liable for what I would say I would say the answer’s obvious. Right now if you want true privacy, and by that I mean privacy against the National Security Agency as best as we know, the answer’s clearly PGP. For now. And in the future I think you’re going to see that PGP is just the beginning of a wave of similar products that’re designed to give individuals the right to control their own privacy. I am personally involved in an activity within the Internet Engineering Task Force to standardize protocols to secure the Internet. I am sick and tired of people like Kevin Mitnick. I’m sick and tired of the FBI coming in and fighting a battle, on my land, against people like Kevin Mitnick. I feel like…you know, an irritated parent who would like to take two quarreling kids and bash their heads together—that’s exactly how I feel about the FBI and the hackers. And one of the things I really like about cryptography, it seems to piss them both off evenly, so it’s wonderful. [laughter]
[Slides mentioned are unavailable]
So, with that I’d like to answer some of the comments made about about export controls. I’d like to have my first slide if I might. Okay. That seems to be the US government’s position on export controls whenever you try to debate it with them. I don’t know how to deal with an answer like that. Unfort— I mean, I don’t know about all of you, but I’m old enough to remember Vietnam and Watergate. It happened at a very formative time in my life when I was in high school, a very impressionable time. I’ve never forgotten that lesson. I would like to think that most Americans haven’t forgotten that lesson and I’m afraid they have. And unfortunately arguments like this don’t carry the day, which is why they’re still made.
So, if I could have my next slide. I thought I might try a test case here to convince even the people who still believe that the government might actually know something that it can’t tell us that’s a good reason for the decisions they made. I decided I’d file a test case which involves this [thicker?] book, Applied Cryptography by Bruce Schneier. I don’t get a cut out of this so I’m not, you know, I’m not doing this for my own financial benefit here. I simply think it’s an excellent textbook as an engineer who practices in this field. Of particular interest in this textbook is the last chapter, which contains quite a bit of source code, in C, ready to execute if you type it in and use it. It provides strong cryptography. There’s a couple toy ciphers in here but there’s a couple of really good ones, too, including the IDEA taken right out of PGP. It’s the heart of PGP.
So, as I understand the International Traffic in Arms Regulations, the defense trade regulations, this book is a munition, you know. I have to get permission to export it from the country. So I filed a formal request with the State Department to export this munition, as I understand it. And back came a letter saying that well, “This item’s in the public domain. It is not in in our licensing jurisdiction.
Well, great. The State Department still understands that the First Amendment protects books. That’s wonderful. But they went on specifically to say that that only applies to the book and not to the floppies that the book mentions are available from the author. Well this is very interesting. I mean suppose the floppies contain exactly the same information, are you really going to discriminate on the basis of media?
So I filed a second request, for this floppy disk. It’s an exact copy of what is in the back of the textbook. Character by character. Okay. What did they do? They said sorry no, the floppy is a defense article requiring a license for export. The book, containing exactly the same information is freely available, freely exportable. The floppy disk, which contains exactly the same information byte by byte is not, it’s a defense article. Now you figure that one out.
Next slide, please. I’ve appealed this case up through the administrative levels… Oh I should point out that the main distinction they tried to draw in their letter was that I’d added value to the files in the floppy because they were separated into separate files. And of course only Americans can type, so there’s significant value added to some foreign criminals here.
As I mentioned I’ve taken this up to the administrative levels. The first‐level appeal was designed. The second‐level is still pending. And it looks like we’re going to court in a few months unless something changes drastically.
And my last slide is a pointer to a web page with more information on this subject if you’re interested. Thank you.
Froomkin: Thank you very much. Our next speaker is—I believe it’s his first appearance at CFP although in some sense I think he’s no stranger to this group. It’s Steve Walker who is the President of Trust and Information Systems. He is formerly with the Defense Department and the National Security Administration for a grand total of twenty‐two years. He tells me that it’s a great set of places to be from.
Stephen Walker: Thank you. Those of you who are concerned that there are four current or former members of NSA here, I only say I’m much more concerned that I’m up here with four lawyers. But I guess we each have our own devils.
What I want to talk— In trying to answer these questions, the single most significant impediment I believe has to be the US export control policy. It’s perfectly legal for us to use DES and other encryption here, but our friends at Microsoft and elsewhere don’t offer it. The reason they don’t offer it isn’t ’cause they don’t want to give us good stuff. It’s that they can’t export it to half of their market. And therefore, effectively we don’t have it available to us, even though it’s legal. And I think that’s a serious problem. We have to find a way around that so that we can protect our sensitive information. But, we have to take into consideration the interests of law enforcement and national security, too.
What I want to talk about a little bit here is an effort that we have begun last year on…we call it commercial key escrow. There is a paper on this in the proceedings and I commend it to your reading. Our main objective in doing this, and I guess this is my answer to the second question, is to get good cryptography routinely available to anyone in America. It oughta be the default. It oughta come on your laptop or on your workstation in such a way that you have to ask not to have a file encrypted. If we could operate in that manner, we would have very significantly reduced security issues across the board.
But, in looking for ways to do this I participated some last year in discussions with members of Congress on the Cantwell Bill, which was an attempt to say let’s change the rules. That’s a hard game to play. Congressmen don’t know anything about this and they’re being besieged by government executives and they’re being besieged by businessmen and they decide, “I’m gonna side with business executives.” I can tell you stories about that later if you’d like.
We’ve gotta find a way to relax this tension that has grown up between the needs of the American public to protect their sensitive information and the legitimate needs of law enforcement and governments to understand the communications of their adversaries. And badgering them, or blunt attacks on changing the ITARs um…may get there someday but I don’t think it’s gonna happen anytime soon, probably in part because it becomes a win/lose situation and lots of folks don’t like to lose.
What we’re trying to do with examining this key escrow set of ideas is come up with a win/win situation if we can. The work we did began last May with as a technology experiment to say “can you build a software version of Clipper?” We did. We showed it to the government and we showed it to a lot of industry. Pretty much general agreement we had succeeded in that. The problem of course is people didn’t like Clipper so they don’t really want a software Clipper, either.
So, we decided to change attack and say well, is there something that people do want? There’s been a lot of references to this even this morning. Emergency data recovery. You’ve encrypted something and you lost the key. Or you encrypted something and you came out here to this conference and your boss needs it. How does he get it? Some means of emergency data recovery. And that’s really the focus for the activity. We realized in the course of that that if we came up with something that was owned by companies, run by companies for their own purposes, that law enforcement’s interests could be helped greatly, without any change in any rules, without any changes in legislation. Simply through the process of the search warrant that we already are subject to.
Notice in our discussion of this, there are no. government. databases. of escrow keys. Indeed, there are no databases of escrow keys at all. The system is entirely voluntary and the motivation for using it is that you need emergency recovery of some sort. The intent is that companies and organizations would run their own data recovery centers for their own purposes, and that individuals would be able to subscribe to services that might be publicly available.
We are now seeking approval from the government for the export of good cryptography, read that DES or equivalent, when combined with commercial key escrow. There are rumors floating around minute by minute of progress in this area. I’m not gonna make any predictions on that. The focus of our work now is on file storage and email. I believe the technology will work equally well in general communications encryption and in telephony, but the motivation for why one would want data recovery centers for telephony outside of the government interest just don’t seem to be there. We are now working with software and hardware vendors to figure out ways to include commercial key escrow into their products, and we hope there’ll be some announcement in that area very soon.
We’re trying to solve problems for the average business and the average individual, by allowing routine capabilities to protect their sensitive information. I will say we’re not trying to solve everybody’s problems, though. Two weeks ago I briefed Jerry Berman’s digital security and privacy working group, and there were questions from the audience that “wait a minute, you’re making it too easy for law enforcement to get my stuff.” Well if your stuff is routinely available in the clear now, no we’re not making it too easy. If you in fact contract that with some government key escrow system where the government has the keys, no this is not anywhere near as easy as that.
However, if your concern is that the government, acting in any legal manner, can get at your data if you use this system, then my advice to you—and I guess this is answering the third question—is…don’t use this system. In fact don’t use any commercial system because the government’s going to be able to get your stuff if they really choose to.
I want to close with a couple of comments. This is in fact a private sector initiative. There are people who are saying this is Clipper Two or this is the government about to impose yet another version of key escrow on us. This is a private sector initiative designed to make encryption available for private use. The government has no investment in this. We’ve asked them to review it relative to export control but it’s going to become available anyway.
I have a very small number of write‐ups here, that I’ll be glad to give away because I don’t want to take them back, about where we are. I’d be glad to supply you with this if you in fact don’t have enough here. And I’ll be around to talk about it later if you’d like. Thank you very much.
Froomkin: Our next speaker’s also from the private sector. It’s Ira Rubinstein, the Senior Corporate Attorney for Microsoft. He wanted me to say that one of his claims to fame is that he went to Yale Law School with Ron Lee.
Ira Rubinstein: Good morning. I’ve been involved for several years in industry efforts to liberalize export controls, and what I’ll try to do is to bring a very commercial perspective to the panel’s discussion.
I think it’s pretty clear that the strongest impediment to secure international communications has been export controls. Without those controls, American software companies would’ve long ago implemented public key and strong encryption algorithms. With those controls that has not happened.
I disagree strongly with Steve Baker’s observation, and he knows this because we’ve had this discussion before, that there’s a lack of customer demand that accounts for the absence of security features. Any company in the last several years that’s been in the client/server arena has constantly heard from customers that in order to downsize to client/server solutions they need security. And the reason that American companies have not offered security is not lack of customer demand. It’s really more a matter of distribution channels. Most American companies are not willing to offer a dual‐product strategy where they have a product in the US and a separate product abroad. Because the distribution channels don’t allow that to happen without imposing a great deal of cost. Product is distributed preloaded on machines, those machines go anywhere in the world. You can’t force the computer manufacturers to only ship a machine with an American product to certain markets and with any other product to only those markets. Increasingly product is distributed on CD‐ROM in multiple language versions. Once again, it would be prohibitive to try to track where each CD‐ROM goes so that you can offer the dual‐product in just the market that would accept it.
What customers do want is integrated, easy‐to‐use, convenient security, and that’s what American companies have not been able to offer because of export restrictions.
As to the second question of the feasible policy change and a path to implement that, I think clearly the single most important change that could occur is a change in the export laws. But whether that’s feasible is another matter. For several years now the software industry has pushed for legislation to change the export rules. I think it was back in ’91 there was the Levine amendment and more recently the Cantwell provisions. Those legislative efforts have not been successful. There’s been one major change in administration rules, the July 1992 agreement that resulted in the identification of a suite of algorithms that if you…the 40‐bit algorithms that if you designed to you could be reasonably assured of rapid export approval. And I think it’s very interesting to note that as soon as that rule was enacted, or promulgated, software companies responded and we now see a large number of products with security features designed around those standards. So I would maintain, and this is where Michael and I will disagree, that if those rules were changed again and the key length was expanded to 48 or 56 or 64 bits, companies would react very swiftly and put out products that met those new criteria.
There’s been talk by several panel members about private key escrow initiatives. The Cantwell Bill died last summer mainly because Congress has been unable and unwilling to pass a new export administration act for many years now and the Cantwell Bill went down in defeat with that bill—not really in defeat because it never even went to the floor. But at that time, as some of you may know, Vice President Gore issued a letter to Maria Cantwell in which he laid out some principles for private key escrow. They included that the private key escrow system would have to be implementable in software or hardware, would have to use non‐classified algorithms. It would have to be voluntary—and I think industry interprets that to mean voluntary in the sense that non‐escrow alternatives would remain available as well. And it would have to be exportable.
Whether that will lead to a solution at this point is very difficult to say but I’d like to make two observations. One is that there will have to be sufficient commercial demand for key escrow, or as Steve calls it data recovery, in order for that solution to take off. Without commercial demand it simply won’t happen because it would require a great deal of work on the part of companies to implement these features, and if customers are simply not interested in it then it won’t happen. The market for it won’t grow.
But even more than that, I think it’s got to be viewed as a long‐term solution because there’s gotta be a legal framework in place in order for this to work. There has to be a clear sense of…where keys can be deposited, what it means to deposit them in a commercial sense, who bears liability if keys are…you know, if the escrow agent who is a fiduciary with respect to those keys abuses that duty or fails to adequately protect the keys, and so on and so forth. And without that structure not only in the United States but internationally, this is simply not gonna happen. Because it won’t be enough for the administration to announce a set of criteria unless there’s an infrastructure in place not only in the US but abroad as well. Because after all, the impetus for this is relief on the export side. But if there’s no infrastructure available in foreign jurisdictions, then it’ll be rather meaningless to begin selling that product abroad.
On the last point I guess I agree with both Michael and Phil in terms of how to communicate securely at this time. You could certainly import foreign DES boxes, or you could by a wink and a nod indicate where your foreign counterpart might find PGP. But I think both of those suggestions point out some of the absurdities of current export rules. Why is it that an American company has to import foreign DES boxes in order to achieve security among its multinational subsidiaries? Clearly that indicates that the technology is readily available abroad. And what’s the sense ITAR rules that would make it a crime as still suggested to tell someone where they can find PGP when the technology is readily available and easily downloadable.
Froomkin: Thank you very much.
Our next speaker is Ron Lee, who’s the current general counsel for the National Security Administration having succeeded—
Ron Lee: Agency.
Froomkin: Sorry, agency. The NSA. Among his many many accomplishments on his illustrious resume he tells me the one he wanted me to mention was that he was a Rhodes Scholar at Oxford—perhaps something he has in common with the President. Ron?
Lee: Perhaps the best way to introduce myself is to tell you that like you I didn’t go to Woodstock, either. But the reason was I was too young and it was past my bedtime.
Before I get to the single biggest impediment I want to set the stage a little bit by pointing out that we’ve all focused on the word “security” as focusing on one aspect of the uses of cryptography that Willis Ware talked about. Security has many aspects, as you saw from his talk. We’re focusing this morning, and quite properly so, on the confidentiality or encryption aspect, but there are other equally valid and important uses for it which are necessary to build the global information infrastructure. And those of course would include and nonrepudiation and digital signature and authenticity. All of that suite of features that you need to have. And I would submit that for many businesses who are trying to figure out how to get involved and how to reach customers, these are as important or more important than the issue of how to secure their data.
So with that comment in mind, let me say that I think right now the single biggest impediment to secure international communications is the romantic myth, or almost the reverie, that the development of cryptographic standards and implementations, both in the United States and abroad is somehow an irresistible tide of freedom sweeping out from the masses that no government—either the US or foreign—that no government can or should control. And this certainly has a strong appeal to it. But I think it flies in the face of facts.
The fact is that nation‐states do have a strong and enduring interest in the uses of cryptography. Both history and the present situation prove that cryptography affects every nation’s military, political, economic, and technological security. And I don’t think it’s an overstatement to say that no nation‐state is going to advocate control of cryptography, including encryption and confidentiality functions, to outside or domestic forces.
Having said that let me try to identify some of the interests that a state, including the US, would have. From the US perspective those would be protecting the privacy of Americans; protecting both business and—importantly—government institutions against hostile foreign intelligence threats and other threats to their information; protecting law enforcement access to communications, where lawfully authorized; and then preserving national security capabilities. Those are things that all have to be factored into the debate. And if we’re going to move this debate forward, which we must and have to, I believe we have to overcome that myth.
My second answer…to answer the second question, follows from what I just said. Which is that cryptographers, software manufacturers, everyone who’s involved in the community, needs to—and Steve Walker’s begun that process—needs to come forward with proposals that recognize the state’s interest and then work with the government to evaluate and improve their proposals. The Vice President in the letter to Congresswoman Cantwell has laid out the criteria for a key escrow proposal that we need to meet. And that process of working with industry is going on and will continue.
This process, though, is not limited to the United States. And so we shouldn’t assume in kind of a US‐centric way that we’re the only ones who matter, we’re the only country that has to go through this. Every other country that is going to face the encryption issue needs to go through this as well. And national cultures, political process, constitutional values, all the things that are unique to a nation‐state are going to shape that process. And then once that weighing process is taking place, and this is gonna come back to the policy issue here, how it all is put together. How widespread cryptography is use. How well the systems operate. That’s all going to depend on some of the things the other panelists have talked about. Personal preference, political will in each country, and of course technological development.
Let me just that comment briefly on the third point, what would I recommend if someone wants to communicate with a foreign counterpart abroad. The first point is I would tell them to learn about what the foreign threat is. You have to know what you’re trying to protect yourself against before you go out and protect it. The NSA, actually, through the director and other government agencies, have reached out to talk to private industry to tell them a little bit about what the foreign intelligence threat is. I’ve participated in the Overseas Security Advisory Council, which is a Department of State group which any business or industry that has significant operations abroad is welcome to join and participate in.
But on the operational side, I would say perhaps the obvious to you, which is use an encryption product that’s been approved for export from the United States. [some audience laughter]
Let me respond briefly to something Phil said, which is Phil’s first slide was his effort to debunk the “if you only knew” statement. One of the main activities going on this week of course is the NRC Committee, which is here. Several of its members—Herv Lin and others are receiving input through the Birds of a Feather sessions and so on. And of course there is that segment of that committee that will receive the appropriate information, and it will enable them to really study the [?]. They’ve put a lot of resources into it and they will be able to come up with a conclusion that I think will address some of the procedural concerns that Phil had. This has been done in the past but I think that this is an important step in getting the appropriate people involved in the process.
Froomkin: If we only knew. [audience laughter] Thank you. I apologize for that remark. A little.
Last but certainly not least we have Tim May who’s a cofounder of the cypherpunk group and was formerly with the Intel corporation.
Tim May: Thank you Michael. My only point will be you would support my position if you only knew what I knew. [some audience laughter and applause]
Seriously. I think Stewart Baker was correct in his written comments that the issues need to be raised and a debate needs to happen. I believe an important phase change in the structures of society around the world is coming. It has its negative connotations, it has positive connotations. I don’t wanna ramble off on a bunch of tangents about the political issues and long‐range issues, but I do think this is very important and I think the public debate about cryptography is very healthy for the country.
Somehow my three answers to Michael’s questions got folded in, edited in, to his listing of the questions. So you can see them pretty clearly.
The single biggest impediment to secure international communications I believe is basically ignorance. It’s customers not asking for software. I’m interested to hear that customers are asking. Most people I know—end users, not corporate customers but end users of different systems—are pretty much unaware of what’s happening, and they’ve gotten intrigued by PGP. MailSafe, for example, which I had from RSA Data Security. I actually bought and paid for a copy from Jim some years back. I could never find anybody to communicate with. [audience laughter] [laughing:] Nobody else had a copy of it, so I couldn’t send secret decoder messages to anyone.
PGP changed that as a community. For communitarian reasons it spread very widely and has been interesting.
So I think if products could be integrated into things like Lotus Notes and Microsoft Word, Microsoft Network, NCI network—whatever’s coming, so people could just click on buttons and get certain features, then this will be a major success. To the extent that’s not happening because of ITAR rules I’m sure that’s an issue.
Anyway, the thing I want to talk about before my time runs out is I mentioned multinationals. There are two sizes of multinational companies, international communications. Big ones like Intel and Lockheed and Apple. And they’ve got certain rules—they’ve got to play by the rules. Whit Diffie made an excellent comment a couple of years ago to the extent that the war on drugs was largely successful against big companies because you could tell Lockheed that if they don’t start drug testing and whatnot you could fine them and penalize them and do all sorts of things. But small little companies, small little enterprises, aren’t affected by these rules.
Nicholas Negroponte has a position that’s very similar to the position many of us have had which is that we’re going to see a huge increase in the number of family multinationals. This is the mother’s in Hong Kong, the father’s in Paris, the brother and the son are in the US. It’s not clear where their income is localized, it’s not clear where their assets are, and they’re certainly not going to be restricted in the forms of communication they use. They may use code books, things that essentially can’t be stopped.
Or they’ll use PGP. I mean, it’s trivial to get PGP out of the country. There’s a running bet in the community as to how many hours it takes to get a new version now. And this— [audience laughter] I’m not saying I would do it, I’m just saying that it gets out, fast. It can’t be stopped. The borders are transparent. I carried seven gigabytes of data to Monte Carlo recently to talk to cryptography people over there. Seven gigabytes on opticals and DATs. There’s no way to stop me. There’s no way to stop anything. This is the phase change that’s coming. I don’t demonize the NSA, as I think they did a great job helping to win the Cold War and I think they deserve a round of applause and [panel member laughs] Not clear what the future mission will be in a world of transparent borders— [recording cuts out on May’s presentation]
A. Michael Froomkin: —conversation. And preceding that assumption, before I go to questions from the floor, which we will definitely do, I want to throw a few pointed questions at a few members of the panel. I courage other people to follow up if they would like to do so.
I think my first question's for Stewart Baker. This is really a question that ought to be addressed to Ron Lee but he can't talk about it because it's the subject of current or future litigation. So you're the best-placed person to say the things he could never say.
How on Earth can the United States government justify denying Phil Karn's request? What's the logic behind that? The book is out. What's wrong with the floppy disk?
Stewart Baker: Yeah I think the best stab I can take at it is this. In 1975, if you had asked NSA or most government officials about the classification status of cryptography, they would have said it's equivalent to nuclear technology. It is so important to the national security that people who research it, who come up with ideas relating to cryptography, new cryptanalytic attacks or new cryptographic techniques, are engaged in classified research whether they know it or not, and they should not be releasing it to the public without talking to the government first about its national security consequences. That was pretty much its status for export control purposes.
In the late 70s, for a variety of reasons, that became a very controversial position. A lot of private sector and academic cryptographers did not want to submit to that kind of review and raised a First Amendment issue about academic discussions of cryptography.
It turns out that at least for the short term, or maybe the medium term, it is possible to do a lot that protects national security if you can restrict the spread of commercialized encryption. It's not a perfect result but it is better than letting it go entirely. And I think that the— This is before my time at NSA, but I think that the final policy decision that was made sometime in the early 80s was to say for First Amendment reasons we have to give up on trying to regulate what academics say when they talk about cryptography. But we have to control commercial cryptography.
Froomkin: But Phil has anticipated your reply in his slides. I mean, he claims that that answer is based on saying foreigners can't type.
[long pause; audience laughter]
Baker: I don't think entirely that it is. The fact is that… We've heard a lot of people say they think that the existence of export controls on strong cryptography has prevented companies from selling it widely. And as Tim said you know, if there isn't somebody at the other end, then you're not as likely to use this stuff. And so restraining the installation of point-and-click DES encryption probably has meant that there are a whole lot less DES-encrypted transmissions in international communications than there would be otherwise. So I think it's not a perfect line. And I'm not speaking for NSA when I say this 'cause I wasn't there when that decision was made. I think if you take the view that as an effort to accommodate the First Amendment people said, "Well why don't we try this line: commercial, no; academic, yes," the difference between a book and a disk begins to make sense. It's not perfect by any means. But I think if you're trying to get a sense of why this might seem like a sensible distinction, that's the best I can do.
Froomkin: Want to say anything? You want to add or subtract to—
Tim May: Yeah, I just wanted to add that—Ira may prove me wrong on this, but I think companies that make commercial software…you know, encryption or whatever [?], are going to be quite reluctant to take the crown jewels of their corporations and just…publish them in a book so that Phil and his nimble-fingered friends can type it in.
Phil Karn: Of course there is something that I don't think was actually anticipated by people who made this distinction between commercial software and academic discussion is the rise of free software, which PGP is probably the best example. I've written cryptographic code; as far as I'm concerned it's in the public domain. I put it out there because I think it actually facilitates those who were, you know, interested in academic discussion. I mean, a lot of people give away source code because it is a very powerful instructive tool. Stewart and I had a conversation about this last night at dinner, where he was asking why would I ever want to give away source code? What instructional value is there to that? It was obvious just from the question he's not a programmer. [audience laughter and clapping]
Froomkin: Anyone else want to jump in or…deploy my next cool question. I guess my next cool question is actually for Phil. It's an equal opportunity process.
Do you ever worry about the consequence— We have people from the government here, at previous conferences, who tell us in all seriousness that they have thought really hard about the national interest, and they're trying to the best thing given what they know, and bad things will happen if this stuff gets out. Do you ever lie awake at night worrying that there might be some truth to it, you're contributing to some bad thing happening if win your case?
Karn: Actually I have to say yes. I do worry about that, okay. I mean I have to be honest about it. All technology can be used for either good or bad. That's not just true with cryptography, I've been very active in the Internet for the last ten years. I've helped develop a lot of technology along with many other people. For all I know Saddam Hussein used it in the Gulf War. I mean that would explain some of the silly rules we saw after the fact about controlling Internet routers; another technology that's out of the barn.
So any technology can be abused, not just for cryptography and yeah, I am concerned about that but I also realize I can't do much to stop it it. All I can really do is make sure the good guys also have it.
Froomkin: Anybody else wanna…?
Tim May: I'd like to make one comment. I think someday I'm gonna wake up, turn on CNN, and hear that some Eastern European city or Middle Eastern city has just been nuked, maybe with a fizzle nuke. And I think that's likely to happen. And I'm not too worried about it. And I know that sounds callous. I like making outrageous callous remarks. But the world is much safer. There's almost zero likelihood of a global thermonuclear war, which to me is a very good thing. The weapon stockpiles are gradually decaying, at least the Russian ones are. We think.
Some terrorism will occur. I don't support any kind of terrorism but I think if you look at the number of people who die in terrorist attacks, it's relatively small and it's not—to me—sufficient grounds for suppressing free and open societies. And I hope we don't see anything of that sort. [applause]
Froomkin: The reference to Saddam Hussein sort of raises a question I think has to go to Steve Walker. And as I understand your proposal, you want to help produce shrink-wrapped products which are exportable, which are going to provide strong encryption with voluntary escrow where the users get to choose who's going to hold the escrowed material, who's going to have the data recovery center.
So if Saddam Hussein wants to set one up, he can do that. And the system will be fully functional. And the good guys, as we've been calling them, are probably not gonna find it very easy to serve a warrant on Saddam.
Now, given that's the situa—if that's the correct description of the technical situation, why would the United States government give you export permission? What's in it for them?
Stephen Baker: Well in reality Saddam Hussein and the terrorists and all can in fact get anything they want now. In reality you can't sell…anything to Iraq because of embargo.
Baker: There are rules that say you can't send to terrorist-supporting countries and to the former Soviet Bloc or whatever. So those rules will still apply. The fact is that terrorists can get anything they want, and they do. It is only really that good guys in the United States and in other countries that are the ones that are losing here. The ones that abide by the rules are the ones that have no encryption to protect their information now. So I believe it's really a specious argument. I don't think terrorists are going to use commercially-available products with key escrow or without key escrow, I think they're going to do their own thing because they don't want to fear that they can be ripped off.
And so I mean… Why would the US government to approve this? In fact I think if the US government thinks this through for law enforcement interests and for national security interests they're going to be better off if there is a widespread use of some sensible key escrow approach than if there's just a proliferation of thousands of ad hoc solutions for which they will never have a chance of ever recovering anything. And so I don't think it's the fact that the terrorists might use it that's going to dissuade them. It's the benefit to the overall common good. In the paper that is in the proceedings I go through an analysis of the various alternatives to this. And the proliferation of thousands of ad hoc products makes law enforcement's job virtually impossible in this area. And I think it's actually a positive benefit they're going to get from that that outweighs any possible terrorist problems.
Froomkin: Anybody else? Phil's trying to—
Karn: Yeah, I wanted to speak to the topic of software key escrow, because I'm not sure we actually need a whole new product to support this. I'd like to make a proposal in the spirit of voluntary software escrow. Those who use PGP know that it has a feature in which you can encrypt to multiple recipients. Well, I would like to offer Mr. Lee here to give me a PGP key with NSA's name on it, show me that it's really his. I will be glad to sign it. My key is widely signed signed in the PGP database. You put it out on the database, let the whole world have it. Anybody who wishes to voluntarily escrow their communications with the NSA simply has to include the NSA's key in their mail. I think the problem is solved. [applause]
Froomkin: Ron, you want to take that offer?
Ron Lee: Yeah, if you're an American we don't want your key. [laughter]
Karn: I'm giving you an invitation.
Froomkin: You have anything else you want to add besides that or…
Well let me throw one last question out before we turn it to the audience. And this I guess is really for Ron to the extent that you can speak to it, which is… I guess it's a two-part question. First, how far does the genie have to be out of the bottle before the United States government's willing to recognize that something's exportable? And why isn't DES there, yet?
And in a similar vein, the NSA recently took a very public position in front of the X9 Secretariat against Triple DES. Why is the NSA standing in the way of the banking community's desire for ultra-secure communications when in the past it was supportive of the desire to have DES even when it wasn't going to give it to other people? So, they're related… To the extent you can what can you tell us about those things?
Lee: Yeah, on the first one this sort of gets back to a point that I think Steve made. You sort of look at what is a best-case or worst-case or second-order solution. Perhaps the worst thing to have out there would be to have a world of uniform, widespread encryption that does not provide law enforcement and national security with what it needs. But it's not clear to me that it would be so horrible to have a multitude of non-interoperating systems out there. Because you know, people who are the targets of foreign intelligence make mistakes. They don't always use cryptography for all the reasons that have been explained. So again, it's not clear that the solution is all or nothing.
On the other point about Triple DES, what I'm willing to say is that the process of deciding what the international standard is for banking is an ongoing process. As you know, the standard will be up for renewal. And I would prefer not to go into sort of the details of that decision.
Froomkin: Well I think the audience has been very patient. Let me start with Eric Hughes. We'll go back and forth between the two sides.
Eric Hughes: I'm Eric Hughes. I have a small dialogue I'd like to engage Ron Lee in. Because I'm feeling kind of stupid today. And…so let me make sure I understand your position. What you're saying is that…you're acknowledging I think that the people of the United States and citizens of the world want to use secure cryptography that allows them to choose whoever they want to talk to, which doesn't include the government. Is that right? Is that what I heard you say?
Lee: I'm not sure I understand you, but—
Hughes You're saying— Well I think I heard you say that there's a large demand for secure cryptography by people of the world, like me and the rest of the people in this room who don't work for the government.
Lee: That's right.
Hughes: Okay. And you're also saying that there are national security and law enforcement reasons that aren't being taken into account in the debate. Is that right?
Lee: Well I'm saying that the greatest obstacle to reaching an accommodation that gives most people and most interests most of what they want—
Hughes: Well that's the point I've been trying to make, is these interests. These interests are law enforcement interests and national security interests, right?
Lee: Right. Well I mentioned the other two, privacy for Americans and privacy for businesses—
Hughes: Okay okay. I'm just… I understand this. I'm getting to my point of…something where I'm really, really confused. So, you do acknowledge that we have a democratically run country, right?
Froomkin: Cut to the chase. Cut to the chase.
Hughes: We're getting there. You do acknowledge we have a democratically run country right?
Lee: Have you been watching the OJ trial too much.
Hughes: Yeah yeah, no I just— [laughter]
Hughes: What I want to know is that if we have a democratically run country, and we have people who want to have secure cryptography, why is it that we have these other interests that seem not to be democratically controlled that seem to have become independent interests contrary to the will of the people, and having these interests be pertinent to this debate in any sense at all? Personally, I want to have a world with secure cryptography where no one can listen to my conversation unless I want them to. And I think this is what a lot of people want. And I think that these law enforcement needs are in fact not needs but in fact an attempt at a seizure of power. So can you comment on that? [applause]
Lee: I certainly would be delighted to. You are free to go out tomorrow and back whatever political candidate you want, whatever Constitutional amendments and referenda you want to promote. The system we have now—and I'm just stating the fact—is one that invests the power of government in elected representatives. Not to give you the civics lesson, but it is through that process that the administration decided what the relevant factors were to be balanced, including law enforcement. And I think it's appropriate for everyone in this room to think about what the world would be like without law enforcement capabilities. I sat in on some of the sessions yesterday, talking about the First Amendment and the Internet and so on. And I don't think there was anyone in the room who disagreed that there was a point at which there was an appropriate role for law enforcement to play, even in this great bastion of freedom called the net.
So, that's a decision that's been made by society. You and anyone else is free to go out and try to remove law enforcement or national security as a factor, but you would want to think through very carefully the consequences of doing that before you did that or before people supported you.
Froomkin: No, I think I'm gonna have to cut you off and pick our next speaker.
Hughes: One final comment, though. And this is just a parting shot—
Froomkin: Two seconds.
Hughes: The black budget is taxation without representation, and the closure of the [?] taken on security prevents the democratic process from doing as you say it does.
Froomkin: If President Clinton told you to change the policy, you'd change it wouldn't you? I mean that's really what he— The claim seems to be that you're operating independent of the President. That's not the position is it?
Lee: It's the President's decision.
Froomkin: So have you ever talked to the President about these issues?
Lee: We didn't overlap at Oxford. [Froomkin laughs]
Karn: Didn't I read somewhere once that someone at the NSA was quoted as saying the President doesn't speak for NSA? I think that was in the [indistinct].
Ross Stapleton-Gray: Ross Stapleton-Gray, TeleDiplomacy, Inc. I think Tim May said something that really ought to be underscored about global trends. I went to a hearing on openness in the intelligence community, where I went in expecting to hear all sorts of great debate across the aisle, only to see an incredible unity of thought that more openness might embarrass our President and his conduct at foreign policy. More openness might embarrass the past President and ensure we never get back in power. A unity of the two halves of the government, the two sides of the aisle, in favor of preserving the stability and the security of…somewhat of the status quo.
And I think we're going to do the same thing globally with governments besieged by the rose growers in collusion internationally. And every other group. Such that we will find—and I think we've seen for sometime, it's much more in the interest of the US government to reach accord with the governments of Pakistan and China and Uganda against destabilizing forces from below, I think leading towards an absolute extreme where we find we're in lockstep with the governments of China and Pakistan and Uganda against these nasty rose growers. This ceased to become an academic exercise for me about a week ago when I got an email note saying, "Did you write this document?" Some person in some country out there, where we don't have meetings on computers, freedom, and privacy. A country of a number of people and we're a fifteenth of less of the world, even all of us in the US combined. This person said, "Did you write this document?" and it was some gibberish.
I said God no, I don't think so. And it came back and it said "well this is…" and it gave me the title. It was an article I've written called "Opening Doors in the Global Village."
And the person said, "The editor said you work for a certain company." And my affiliation as a CIA analyst was on there. And it said, "If you work for this company, and if you care about my country, could you tell me where I find PGP, UUEncode, etc." I got my first electronic walk-in only after I left the agency.
But this person out there, one of a larger bunch of people who are not us, living in a government that is not anywhere near as nice as the one we may be complaining about now, desperately wants to get the tools. And what I suspect, given what Tim has described in the general trend that the governments are going to start circling wagons against the threats which are indeed numerous and are indeed real… We'll see that there will be a general consensus among the various governments that, "Well, we better not let it be imported, better not let it be exported."
Just to note, I think Tim's exactly right. There's where the tension lies. I agree, from having been an intelligence analyst, that there are indeed major threats. I'll add as a former intelligence analyst, if you knew what I knew you wouldn't take so…you wouldn't let Mike Nelson say, "If you knew what I knew." [applause and cheering] There are indeed threats but I think—
Froomkin: Let me put this question to a couple members of the panel as a matter of fact. We've had a suggestion in a sense there's going to be a conspiracy of government against their people. Stewart, Ron…
Baker: I actually wanted to address a different point first, because I think it's… For those of you… I'm kind of surprised to find that Tim May and I agree upon more than most of the people on this panel. But let me turn to something I think—
May: I'm not surprised.
Baker: —that we actually agree on in terms of freedom for the world, and concerns about censorship and oppression around the world. There is one aspect of US export control policy that could be changed without invoking any of the "if you knew what I knew" kind of stuff. It wouldn't cause any harm to the national security and would be good for democracy. And that is, currently because of a Congressional law imposing sanctions on the Chinese government for slaughtering its people in Tiananmen Square, it's not possible to sell munitions without special Presidential waiver to anybody in China. What that means is you can't sell a human rights group in China secure communications that have been approved to export other parts of the world.
I don't think that makes any sense. [applause] I don't think that that's a concern at the national security level, it is a political concern. People are afraid within the administration, within the State Department, of looking as though they're being nice to China. And they're unwilling to recommend to the President that the President issue a waiver allowing the sale of encryption that's been approved for export into China. There've been some modifications to that policy but it's by no means complete the last time I looked.
That's something that could be changed. It could be changed if people thought the politics went the other way, and I think that is a doable thing that folks in this room ought to be trying to do.
Froomkin: Ron, you want to add anything to that?
Lee: Well I'd sort of like to turn the "if you knew what I knew" thing around, and a lot of what underlies the questions here is that the US government is engaged in some conspiracy or that it's not to be trusted inherently. And I'm wondering, beyond sort of the political philosophy underlying that, what specific examples are that lead people to have that concern?
[several things from audience indistinctly]
Lee: And I think when you look at each of these you'll see that appropriate oversight mechanisms have sprung up and been strengthened in response to that.
Froomkin: So the position basically is "It can't happen again…trust us!"
Lee: Cabazon, Wackenhut, Casolaro. [cheering and clapping] Now, I don't… I follow the conspiracy theories fairly carefully. I don't know that there's anything to the Mena, Arkansas CIA drug supply blah blah blah blah blah. I don't know. And I don't know that that's my major concern. I think that any kind of government at a certain size is going to have corrupt people in it. It's gonna have ex-CIA people who ship drugs around. It's gonna have current CIA people. It's gonna have French intelligence…all sorts of things. That's just the nature of humanity. That's not gonna change.
I believe the larger issue is not whether there's a conspiracy in government, but the issue of what government does, what governments do around the world when there are so many degrees of freedom. Such a vast number of communication channels. This has been a change in the world. The Medieval guilds fell apart 800 years ago. The medieval guilds had a position of intellectual property very comparable to what current corporations have. That is, the silversmiths' guild owned the knowledge of how to make silver. And the king supported that right. And this was intellectual property law of 1300.
Well, technologically that changed when printing became available. Because first, religious books were published. They were the first hot off the press. After the first initial print run of hymnals and bibles came out, the next thing that came out, somebody told me a couple nights ago it was porn. I sort of doubt it, but. What I've always heard is the next series that was out, and it's supported by the early publishing, were these books on how to do home farming-type things. How to shoe horses, how to sew… It was knowledge, basic knowledge. Within the next fifty years the guilds collapsed. This was independent of all the law and all the morality. The development of a technology that allowed increased degrees of freedom of that sort changed fundamental structures.
I think we're seeing the same thing today. These various virtual communities exceed the number of nations in the world. And arguably they're much more coherent, much more cohesive, much more dedicated. Some of them we call terrorists, others we call freedom fighters. I'm remarkably…unconcerned with what their causes are. I'm more interested in the general phenomenon of 250 nations in the world, and at least a thousand different special interest groups. And you can't stop them. You can't just say, "We're not going to allow communication." As long as you allow communication, these are going to form. And I think it's going to change over the next fifty years the nature of governments around the world. I think we're already seeing it. [applause]
Karn: Yeah I'd like to speak to the point about conspiracies. I'm not a conspiracy theorist. I don't think a conspiracy theory is necessary to explain what governments have been trying to do to suppress cryptography. There's a very simple explanation. I very strongly believe in the principle of not attributing to malice what can be adequately explained by stupidity. In the case of government, the overriding concern is CYA: cover your ass. And that explains everything they've been doing. You don't need to have a national conspiracy to explain it.
Froomkin: In the spirit let me call the next person before the audience lynches me.
Frank R[?], Stanford. And since we're privileged to have a council here from Microsoft, I thought I would ask about some of the products like Word, or Excel, or other products that have password protection. I've looked in manuals for Microsoft products as well as others, trying to find out just exactly how secure data would be if I used those features. And to this day I really don't know what kind of protection there is in there. But if there is protection in there I wonder if that comes within cryptographic regulations. And if there isn't I wonder why there isn't some kind of a warning letting me know about the security of what I put in those products.
Froomkin: The question is, do we trust Microsoft? [laughter]
Audience 3: [inaudible]
Ira Rubinstein: I think it would be best to answer that question with a bit of historical perspective. And you can laugh all you want but it's still a serious point. The export regulations predating the July 19th, '92 agreement that identified the criteria for exporting products made it virtually impossible for any American company with significant foreign revenue to design adequate security features. Because the way export controls worked at that time, if you approached the government and said, "This is what we're planning to implement," they would say, "Well…we don't know if that's exportable. Why don't you go ahead and implement it and then we'll look at your implementation." And the companies would say, "We're not going to implement it unless we know that we can sell it abroad." And you'd quickly get into this dance that resulted in no serious encryption being implemented because nobody wanted to spend the resources on the next rev of a product if that meant that you would lose your foreign markets.
So a lot of companies, not just Microsoft but other companies with password protection in application products, implemented what can only be described as weak protection. Protection that without question would not interfere with the export status of the product. Which didn't even require much discussion with the government to establish that. Anything that did require discussion meant that you either had to commit to expending the resources to develop that, to put it in a product, to test it, and then possibly have to remove it at the last minute. Or you didn't develop it at all. So, the level of the encryption that's generally available in products that had a long history prior to that July 19th, '92 agreement is quite unsatisfactory.
Following that agreement, a number of commercial companies quickly introduced a whole suite of products that were designed around the criteria identified. And they'd be in a position today if those criteria were changed to quickly respond to those changes to increase the keylength and to offer more sophisticated features.
But I want to make this point very clear because the major impact of the ITAR on US software companies to date… And bear in mind that throughout the industry the foreign revenue accounts for as much as as 50% of total sales. And US software product in the prepackaged category accounts for as much as 75% of total world prepackaged software. So, what US companies are permitted to put in their products determines what's available worldwide but also the determines what's going to be available in the US. And that's why I emphasized earlier the impact of export controls on cryptography.
Froomkin: Let me follow that up just a little bit. Tim told us, in his talk, that he thought one of the biggest problems was ignorance. And there've been many many suggestions on the net and elsewhere that perhaps— [And which Tim says to you?], you've sort of confirmed this: Microsoft products are not as secure as one might dream they could be. Why doesn't Microsoft put a disclaimer in the manuals and educational tools? Tell people you know, "We'd love to give you something better, but we can't." Wouldn't that be the best way of solving Tim's problem of educating the world?
Rubinstein: You're saying why don't they trash their product?
Froomking: No! They're saying, "We've given you the best thing we can, under the laws." You know, "It's better than what anybody else has! It's the best thing—" They're going to make whatever claims they want. "We would like to give you something even better but we can't."
Rubinstein: And what problems do you think that would solve?
Froomkin: Well Tim's claim that people are ignorant about the possibility of strong cryptography.
Rubinstein: We've not encountered ignorance about the need for cryptography, at all.
Karn: Would a product liability lawsuit help? [laugther and clapping]
Froomkin: Surely one lawsuit's enough. Americans sellers of mass-market prepackaged software make no strong warranties about their product. [laughther]
Audience 4: [indistinct sentence; name?] A couple of things, specifically to Mr. Baker. I think your point about that customers don't want secure cell phones completely misses the point. And I believe specifically if you look at one that aren't currently deployed, the CDMA, it's possible to provide domestic users completely secure authenticated privacy with no threat, because you can always control the base station sales; much easier to control.
The other thing I would answer to one of the questions originally posed, which is if you wanted to have a secure international communication, which many multinationals do—people, friends, family internationally—is that I would recommend that you speak to the people you know who are technically able and interested and urge them to participate in various international standard-setting bodies. It's clear that if you're interested in truly secure communication—uncompromised—that it will not be brought to you by any of your local governments.
And I understa— I…I'm concerned. I mean I'm concerned. I you know, think about this at night like what is this going to mean? And I don't think that we're going to stop the march towards strong cryptography. Clearly the export controls are working. I mean it slows it down. And there's consequences. There's basically…nil deployment of strong crypto domestically. And that's costing everybody.
Baker: I have to say, I think it's…as I said earlier I think it's quite likely, though not…quite proven, that we've reached a takeoff point for people wanti— You know, the mass of people wanting strong cryptography.
But I am also struck by the fact, when I was an NSA agent in [?] I went up to talk to a big hardware and software company deep into systems and networks that offers DES as an option for security. And I asked them, "Well, of your US customers, how many buy this option?"
And they said about 1%.
If you're going to make the case to get rid of export controls, the missing element… In the end, you're never going to be able to argue very effectively on either side of that…how valuable this is for national security purposes because it gets…sort of hard to talk about national security intelligence successes without blowing them…
But you can talk about what the economic impact is on US industry. And there have been some efforts in that regard. Steve Walker and the STA and the BSA have produced a lot of indications of the fact there are a lot of products out there offering security.
The missing element—I can say this about the debate inside the government. The missing element has been a credible analysis of what the actual market for that stuff is. What people are actually willing to pay. Listen, you have to develop the facts if you want to win this fight. And the way to do it is to show that there is a substantial market for this product. The best way to do it is to start with US sales and show what those US sales of secure products are. And argue that there would be the same kind of market penetration outside the United States as in if there weren't export controls.
That's the missing element in the argument again, you know. Free advice, and worth every penny. If I were working to end export controls, I would be working to develop credible estimates of actual existing market value of sales of cryptography inside the United States. And that has yet to be produced.
Froomkin: Steve, you—
Rubinstein: I am working to relieve export controls, and I can say that the Business Software Alliance did a study, and the study demonstrated that customers were prepared not to buy US software products that failed to offer strong security. I think the response…it was a Fortune 1,000 study, and the response was about right around 50% of respondents answered that question in that fashion. I think much of the problem with this man, and this is another debate that Stew and I have had previously, is that the question has been posed in the wrong way.
The question has been proposed such that the US companies are asked to demonstrate their lost sales. But US companies don't track their lost sales. Customers that want integrated security, and then buy a different product do not report to US vendors that we chose not to buy your product because it lacked these security features. I just think that's a silly request, and it's… It's not commercially feasible to provide that kind of data. It's a very complex decision that any large buyer makes as to what networking product, for example, they're going to buy. And if they end up buying one product rather than another they simply do not report back that this was…"Dear Sir, this is why I didn't buy the product. Because it lacked a security feature." I would not say that this is easy. But the fact is that the telecommunication industry was able to show very substantial sales of advanced switches when they wanted to decontrol exports of advanced switches.
And the same thing for the supercomputer industry and the computer industry when they wanted to decontrol sales of those products abroad. And it's going to be a more persuasive argument if you can show that there are actually very substantial sales of strong cryptography around the United States. And I think that you know… I don't have a stake in saying this but—
Baker: Again I disagree because—
Froomkin: Hold on, let me get Steve Walker in here, because I think you've done a study, haven't you?
Walker: Well we've actually been performing this study of what's available worldwide and what's available in the US, and we found over 400 products available overseas.
More importantly in this, we have actually gone out to try to buy products. Products from England, products from Germany, from Israel, from Poland, from Russia. And in every case where we have attempted to do that we have succeeded trivially. We are buying them in the US, sometimes from US distributors of these companies in these foreign countries, sometimes from overseas—we like to keep the stamps from the different countries, they're nice to show to Congress.
You can trivially buy cryptography in the United States from overseas. We are told by the government that other countries have the same kind of export rules that we do. That in fact is not the case. Many countries have followed the CoCom rule that says "okay, don't sell it to terrorists countries, don't sell it to former Soviet Union countries. Sell it to anybody else." France I'm told is more than happy to have their products exported. They don't want anything imported that might be used against them but they're most happy to have them put in the United States or anywhere else.
There is an enormous amount of growth in the availability of products from overseas. We for example have a firewall that we're selling, and we've added IP encryption into it. And the IP encryption we've added uses a German [?] and Infosys board that does does DES and Triple DES at T1 rates. It's available for a hundred bucks. You can buy it in the United States, you can buy it from Germany. It's trivial.
There's no one in the United States that makes that stuff anymore because they can't sell it anywhere else. If we're going to have protection for security for the NII it's going to come from foreign sources. We have to do something about that. [applause]
Froomkin: We have time for one last, incredibly fast question. And I'm told despite my protests we have to stop. I would keep going if we could.
Audience 5: This dovetails actually with the last question and I would address it to Mr. Baker and then maybe toss it over to Mr. Lee to see what the—
Froomkin: Really fast.
Audience 5: would be. If the justification from the NSA and from the government for passing regulations regulating the cryptography exports was that the market didn't exist, why did the regulations have to be there in the first place? [cheering and clapping] I mean if Microsoft was going to make the product and nobody was going to buy it, why did the government then need to pass a regulation to say "even if there were a market, you can't sell it?"
Baker: I was shorthanding the analysis. Anytime… I mean… We're not an island, we don't have all the technology in the world. It may have been true in 1950, it ain't true now. And our companies have to succeed internationally. If you're not earning 50% of your income abroad, you're not competitive anymore as an American industry. So you you can't make national security and export controls policy in a vacuum, you have to consider its impact. You have to balance the impact on national security of letting go of those controls versus the impact on US industry upkeeping them. That's the balance that everybody goes through and that's certainly true for the Clinton administration; I think that's true for the Bush administration as well.
It's very hard to have a public debate about what's the national security impact of letting go of control. But you can have a very public debate about what the impact on US industry of keeping them. and there have been—and Steve Walker's work is a useful data point. But it lacks an indication of the size of those markets, the actual market value of the products that he's identified. And I were building a case to get rid of export controls, I'd want more data on the size of that market.
Karn: It does seem that no matter how much data we find there's more that's needed to make the argument. And that's…very very frustrating.
Baker: If I could add one PS, the marketing question is not the market for standalone cryptography products. The marketing question is the entire future of electronic commerce on a worldwide basis.
Karn: That's right.
[general crosstalk from panel]
Froomin: Ron first, then Phil then Tim. And that'll be a wrap-up.
Lee: A couple of [?] to the question. One is that your question assumes kind of a static world where if export controls ended tomorrow nothing else would happen. And I think what the government has a responsibility to do is to look at what its actions are promoting, what its actions are inhibiting, what direction government policy is moving the world abroad, and whether that's a helpful or unhelpful development for all the factors that I identified before. And so even if your hypothesis is true at the moment, which I don't accept, it would certainly be different the next year and the year after that.
The other thing I wanted to point out is we've been talking about global competitiveness and export prospects for US companies as if shrink-wrapped software manufacturers are the only companies in the US that export. Those are, and Ira of course is a representative, very significant contributors to the balance of payments in the US. But there are other companies, too, that don't have anything to do with photography. And the way they sell abroad is to be able to compete on a level playing field a fair basis with foreign bidders for foreign contracts. They need a level playing field to do that. And the United States government representative that make sure that happens rely heavily on foreign intelligence to be able to do that. That's another reason why preserving foreign intelligence capabilities is important.
Froomkin: Phil, last thoughts.
Karn: I have a question still, here. I'm a little disturbed. If I wanted to publish a book I might have to convince my publisher that there's a market for this book. But are you saying that then my publisher would then have to convince the government that there's a market for this book before they'd be allowed to publish it? Something doesn't quite ring true here.
Baker: Export controls… Well. I guess I would say export controls are there because there is perceived to be a real national security danger to letting the product go. And the question is whether the economic interests of the United States and the competitiveness of its industry requires that you give up the national security interest.
Karn: In other words the dollar is much more important than fundamental human dignity. [laughter]
How else can it be said?
May: One last comment, since I don't have anything to add to this. Last night, Phil Zimmerman said that there's remarkable unanimity of purpose amongst people who ask about the crypto policy, and everybody from liberal Democrats to right-wing Republicans agree that the policy is flawed. I don't want to say that, actually.
I want to say that there's a fundamental dichotomy in American culture that's been with us for the last two or three hundred years. Two simultaneously-held views that are in conflict with each other, like a tensor. And the angle between these two things I know because I was doing my trigonometry homework during Woodstock. [laughter]
And that is there's one view which most Americans hold, which is "none of your damn business." A man's home is his castle. Get the hell out of my business.
Another view, which is simultaneously held, is "what have you got to hide?"
Froomkin: Thank you very much. And let's thank the panel.